Skip to content

$1 million worth of BAYC NFTs stolen in Instagram phishing hack

  • by
  • 2 min read

After compromising the official Instagram account of the Bored Ape Yacht Club, a hacker used it to send phishing links to NFT holders that transferred tokens out of users’ crypto wallets, getting away with more than $1 million worth of BAYC tokens. 

The official BAYC Twitter account disclosed the hack on Monday morning, stating that the BAYC Instagram was hacked, and there is currently no minting going. However, BAYC’s warning came a bit too late for several users, as, by that time, the hacker had gotten away with more than a dozen NFTs from the Bored Ape, Mutant Ape and Bored Ape Kennel Club projects. 

While OpenSea has banned the hacker’s account from the platform, it can be seen from other platforms due to the decentralised nature of NFTs. As seen on Rarible, another popular NFT marketplace, The account currently has 113 NFTs, all presumably stolen from the phishing link hack. Rarible did not, however, show any BAYC NFTs in the account. 

According to The Vergefour BAYC Apes were stolen, all well into six figures based on their most recent sale prices. The lowest price Ape, #7203, last sold four months ago for 47.9 ETH, roughly equivalent to $144,000 at the current exchange price. The other three Apes were last sold for 88.88 ETH (Ape #6778), 90 ETH (Ape #6178) and 123 ETH (Ape #6623). The collective value of all four apes is well over $1 million. 

It’s not yet known how the hacker managed to compromised BAYC’s Instagram account. According to Yuga Labs, at the time of the hack, two-factor authentication was enabled, and the team running the Instagram account followed best security practices. They’ve regained control of the account and are investigating how the hacker gained access to the account. 

In the News: Elon Musk buys Twitter for $44 billion

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>