The Instagram account of the Bored Ape Yacht Club was hacked, and NFTs worth $3 million were stolen

Hackers made off with $3 million worth of non-fungible tokens (NFTs) from the world's most popular exchanges.



After getting access to the Instagram account belonging to the Bored Ape Yacht Club (BAYC) collection, hackers made off with nearly $3 million worth of some of the world's most popular NFTs.


Once inside, the hackers posted a message that included a link to a cloned version of BAYC's official website as well as a free crypto token offer.


Anyone who attempted to collect the free tokens by authenticating and connecting their digital wallets to the bogus site instead granted the hackers complete access to their NFTs and other cryptoassets.


"Yuga Labs and Instagram are presently looking into how the hacker got access to the account. We're currently looking into it," Yuga Labs, the proprietors of BAYC, said in a comment.


According to the firm, the Instagram account was secured with two-factor authentication. A request for comment from Instagram was not returned.


Owners lost a total of four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFTs, valued at around $3 million, according to Yuga.


According to tracker DappRadar, the average price of a Bored Ape, which is among the most popular and sought-after NFTs, is currently more than $430,000.


It's not the first time criminals have targeted wealthy cryptocurrency investors, nor is it the first time BAYC has been hacked.


A phishing attack cost 17 customers of the NFT marketplace OpenSea a large number of tokens earlier this year. Others have been duped by hackers who sold them NFTs that turned out to be unlicensed counterfeits.


"We witnessed a hacker breach an Instagram account to build up an extensive fraud in this instance," said Ari Redbord, a former federal prosecutor who is now the head of legal and government affairs at TRM Labs, a blockchain intelligence firm.


"We are seeing more and more hacks and scams perpetrated on crypto businesses - from exchanges to Axie Infinity to NFTs. One thing that many of these hacks have in common is social engineering and some degree of human error."

According to Ronghui Gu, CEO of blockchain security firm CertiK, because the BAYC Instagram account employed two-factor authentication, hackers most likely got access to the account by deceiving an administrator through social engineering.


This kind of scam involves gaining someone's trust by leveraging personal or professional information, which allows the scammer to elicit further data or credentials for a sensitive or valuable account.