Update: June 4, 2022. The Bored Ape Yacht Club and Otherside Discord hacked.
The community posted on Twitter asking members of the Discord not to click any link from the fake announcement, which can be found here:
This is a developing story. Follow the conversation on Twitter here.
Original article follows:
Bored Ape Yacht Club’s (BAYC) Instagram account and Discord server were compromised last Monday, April 26th, unintentionally opening the gates for the theft of more than a dozen individuals’ digital valuables. The stolen NFTs are estimated to be worth upwards of $13.5 million, based on the floor price of the hacked digital collectibles.
BAYC’s Discord server was the first to be hacked, with its Instagram account following shortly after. Peckshield, a blockchain security firm, reported that the Instagram hack resulted in one Mutant Ape worth over $68,000 being stolen.
In a tweet, BAYC disclosed that the thief posted a fake link to a copycat website, along with a false airdrop. The airdrop prompted users to sign a so-called “safeTransferFrom” transaction, which transferred the NFTs to the hacker’s wallet.
Victims stated that the link, which has since been taken down, led to a page claiming to be sponsored by Yuga Labs. It called on users to connect their MetaMask wallet in order to be airdropped LAND, an upcoming governance and utility token of OtherSideMeta which is due to launch next week.
According to BAYC’s co-founder Garga.eth, the hacker stole a total of four Bored Apes, six Mutant Apes, three Kennels and other “assorted valuable NFTs.”
However, according to recent OpenSea transfers at the time of writing, it is estimated that around 24 Bored Apes and 30 Mutant Apes have been stolen, although some of these may be holders transferring their non-fungible tokens for security purposes.
“We will be in contact with the users affected and will post a full post mortem on the attack when we can. For now I would like to stress that 2FA was enabled on the account,” the co-founder assured the victims.
BAYC noted that the accounts were hacked despite their two-factor authentication being active and BAYC is following security best practices. Regardless, BAYC launched an investigation and guaranteed that they will unveil how the hacker gained access to their accounts.
On the other hand, a spokesperson stated that Yuga Labs and Instagram are still investigating how the account was compromised.
For the past 2 months, there were also two hacking incidents involving two big names in the crypto space.
On April 17, a phishing attack happened after hackers got access to a MetaMask user’s seed through their iCloud backup data, the hackers stole cryptocurrencies totaling $655K. (Read more: Hackers Steal $655K After Extracting MetaMask Seed From iCloud Backup)
On March 29, developer Sky Mavis discovered the hack which happened on March 23— nearly a week later — and reported that they suffered an exploit of 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC). Later, the FBI reported that North Korean hacking group Lazarus is behind the attack on the Ronin Network. (Read more: Axie Infinity Ronin Network Hack)
In the Philippines, another hack happened last night after the official Twitter account (@upsystem) of the University of the Philippines System (UP) was compromised and renamed into “takashi murakami” and apparently promoting an airdrop. The airdrop supposedly came from a certain “Murakami Flowers Seeds,” saying that the claim is free, but interested users must pay for gas fees. (Read more: NFT Scammers Hack University of the Philippines Twitter Account)
This article is published on BitPinas: Bored Ape Yacht Club Instagram and Discord Hacked, Several NFTs Already Stolen
Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.