Hackers just stole millions of dollars’ worth of Bored Ape Yacht Club NFTs

An Instagram phishing attack has resulted in the theft of 91 Bored Ape Yacht Club NFTs, worth around $2.8 million.

BAYC, as its known in NFT circles, is run by Yuga Labs, one of the most mysterious NFT collectives in the space, which recently raised $450 million at a $4.5 billion valuation. 

See more

The exploit allowed the attackers to steal BAYC NFTs from wallets that were fooled into accepting a fake airdrop, which is usually a method for distributing free NFTs or other digital assets.

BAYC’s Instagram account was used to promote the LAND fake airdrop, according to The Block, which ties into the organization’s broader plans to release NFT-based games.

The attackers’ wallet received 91 NFTs from the saga, including four Bored Apes, six Mutant Apes and three Bored Ape Kennel Club NFTs, according to BAYC co-founder Garga. The attacker also stole various other digital assets. 

See more

Garga said the security practices on BAYC’s Instagram were “tight” and “nothing important will ever get posted on Instagram again.”

Another worrying Web3 exploit 

Whether you think Web3 is the future or not, one thing everyone can agree on is there are a lot of scams in the nascent space. Nearly every week people lose crypto assets worth something, from the recent $600 million Axie Infinity hack on downwards.

This is predominantly down to the extremely everyone-for-themselves nature of Web3 as it stands, often sitting outside any clear oversight. NFT owners must take extreme measures to protect their assets, including casting a sceptical eye over real-seeming airdrops. 

Even a well-funded and notable institution like BAYC isn’t immune, as the latest example proves. Back on April 1, BAYC also suffered a hack to its Discord server, for similar purposes.

See more

The fact that a startup with $450 million – plus the proceeds from selling its NFTs – can’t keep itself safe from hacks shows how far the Web3 industry has to go.