Bored Ape Yacht Club creator Yuga Labs is investigating a phishing attack after a hacker stole nearly $2.5 million worth of NFTs through the official Bored Ape Instagram account. The company disclosed the hack on Monday morning, warning followers not to click on links or mint new tokens.
This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer's wallet. — Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
Per a screenshot shared by , the hacker behind the attack stole 133 NFTs after using BAYC’s Instagram account to promote a fake “airdrop.” Essentially, the scam promised people free tokens if they connected their MetaMask wallets to the site linked through the post. It’s unclear how the hacker accessed BAYC’s Instagram account, and Yuga Labs has yet to announce whether it will compensate those affected by the scam.
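What a wallet-side check for this kind of request could look like, as an added example that is not from the original article or from MetaMask: it decodes raw transaction calldata and flags an ERC-721 `safeTransferFrom` that moves a token out of the signer's own address. The helper names, verdict strings and sample addresses are constructed for illustration.

```javascript
// ERC-721 function selectors (first 4 bytes of keccak256 of the signature).
const TRANSFER_SELECTORS = {
  "42842e0e": "safeTransferFrom(address,address,uint256)",
  "b88d4fde": "safeTransferFrom(address,address,uint256,bytes)",
};

// ABI arguments are 32-byte words (64 hex chars) following the 4-byte selector.
const word = (hex, i) => hex.slice(8 + 64 * i, 8 + 64 * (i + 1));

// An address is left-padded with 12 zero bytes; anything else is malformed.
function wordToAddress(w) {
  return /^0{24}[0-9a-f]{40}$/.test(w) ? "0x" + w.slice(24) : null;
}

// Hypothetical helper: classify calldata a site asks the wallet to sign.
function inspectCalldata(calldata, walletAddress) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) return { verdict: "unparseable" };
  const signature = TRANSFER_SELECTORS[hex.slice(0, 8)];
  if (!signature) return { verdict: "not-a-transfer" };
  const from = wordToAddress(word(hex, 0));
  const to = wordToAddress(word(hex, 1));
  const idWord = word(hex, 2);
  if (!from || !to || idWord.length !== 64) return { verdict: "malformed", signature };
  const tokenId = BigInt("0x" + idWord).toString();
  // A "claim" flow has no reason to move a token out of the signer's own address.
  const outgoing = from === walletAddress.toLowerCase();
  return { verdict: outgoing ? "outgoing-transfer" : "transfer", signature, from, to, tokenId };
}

// Constructed sample: wallet 0x11..11 asked to send token 1234 to 0x22..22.
const SAMPLE_WALLET = "0x" + "11".repeat(20);
const SAMPLE_RECIPIENT = "0x" + "22".repeat(20);
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SAMPLE_CALLDATA =
  "0x42842e0e" + pad(SAMPLE_WALLET) + pad(SAMPLE_RECIPIENT) + pad((1234).toString(16));

console.log(inspectCalldata(SAMPLE_CALLDATA, SAMPLE_WALLET));
```

A request that decodes as `outgoing-transfer` while the page describes itself as a free claim is the mismatch a signer should stop on.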
“At the time of the hack, two-factor authentication was enabled and security surrounding the IG account followed best practices,” the company said. “We’ve regained control of the account, and are investigating how the hacker gained access with IG’s team.”
Among the stolen NFTs are four Bored Apes. As noted by , the most expensive token in the trove, Bored Ape (pictured above), recently sold for 123 Ethereum, making it worth approximately $354,500 at the current exchange rate. The four apes together are worth more than $1 million. One estimate by Molly White, the creator of , puts the value of the entire theft at approximately $2.4 million.
Monday’s incident is the latest NFT theft to involve a high-profile phishing attack. More than two dozen users lost access to about 250 tokens worth an estimated $1.4 million in February. As The Verge points out, what likely made this most recent scam particularly effective is not only that it came from the official Bored Ape Instagram account but also that MetaMask currently only allows users to see their NFTs within its mobile app.