The non-fungible token market has just reported yet another million-dollar scam. Last Monday (25), the official profile of the Bored Ape Yacht Club (BAYC) collection of NFTs on Instagram was invaded by a hacker who used a phishing link to steal assets from users of the collection.
By using the account on the social network, the cybercriminal impersonated BAYC to announce an airdrop — a free token offer — for users or even individuals who had never purchased one of the NFTs in the collection. The invasion appears to have been engineered, as it took place on the same day that the collection completed one year of existence.
The problem is that the post was fake. The link actually caused several tokens from Bored Ape and other collections to be stolen from victims’ digital cryptocurrency wallets and transferred directly to the criminal.
Through Twitter, BAYC tried to alert its investors that no NFT minting was taking place and that the collection’s Instagram account appeared to have been hacked. The announcement was published at 10:58 am (Brasília time) on Monday.
🚨There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
But it was too late. In the same publication, several investors reported the loss of their Bored Monkey NFTs and other collections. Some lost their entire Bored Ape Yacht Club collection. Others have suffered even more from having cryptocurrencies stolen.
“I lost all my NFTs and cryptocurrencies because of this,” Twitter user @zaaa203 reported.
Lost all my nft and crypto because of this
— Brian (@zaaa203) April 25, 2022
The exact number of how many people were robbed is uncertain, but a Twitter account conducted an unofficial survey and estimated that the hacker obtained around 100 NFTs in this scam. Four of the stolen monkeys total US$ 1 million, which shows the scale of the accumulated damages.
Image: OpenSea/Reproduction
NFT market gap
While scams are risks in any segments, those involving non-fungible tokens appear to be slightly more delicate. These assets are usually allocated in wallets, but many of them (such as Metamask) support displaying NFTs only on smartphones.
Therefore, phishing links sent to emails, social networks or any other platform become much more harmful to investors. One click and all digital arts recorded on blockchain can magically disappear.
Yuga Labs, which owns BAYC, does not know how the hacker managed to access the Instagram account, but said that two-factor authentication was enabled at the time of the attack and that the security of the profile on the social network was in line with best practices. .
The company also said it is in contact with victims affected by the robbery. It remains to be seen whether they will be financially compensated after the loss.
Via: The Verge
