The Instagram account belonging to the popular NFT collection Bored Ape Yacht Club (BAYC) was hacked on Monday. According to BAYC itself, the hacker used the access to launch a phishing scheme that stole millions of dollars in non-fungible tokens (NFTs) from the account’s followers.
BAYC, run by the cryptocurrency company Yuga Labs, revealed what had happened on Twitter early Monday morning, warning community members to steer clear of the scheme. In an email to Gizmodo, a BAYC spokesperson confirmed details of the incident. “At 9:53am ET, we alerted our community, removed all links to Instagram from our platforms and attempted to recover the hacked Instagram account,” they said.
The hacker allegedly used the compromised account to redirect community members to a phony BAYC website. There, they advertised a fake airdrop. Airdrops are a crypto marketing technique in which companies will send out newly minted tokens for free to community members to encourage engagement with certain projects. In this case, the hacker claimed to be offering access to an upcoming Bored Ape project, Motherboard reports, and encouraged users to connect their MetaMask crypto wallets to the site. However, when users did so, the site sucked the digital assets out of their wallets and transferred them to the hacker’s wallet.
All told, some 134 NFTs appear to have been transferred to the hacker’s wallet on Monday morning, a number of which were Bored Ape assets, Motherboard reports.
“Rough estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC [Bored Ape Kennel Club], as well as assorted other NFTs estimated at a total value of ~$US3m,” a BAYC spokesperson told Gizmodo. “We are actively working to establish contact with affected users.”
It’s not at all clear how the hacker managed to get inside the BAYC Instagram account. “At the time of the hack, two-factor authentication was enabled and security surrounding the IG account followed best practices,” the BAYC twitter claimed on Monday. “We’ve regained control of the account, and are investigating how the hacker gained access with IG’s team.”
We reached out to Instagram for more details on this incident and will update our story if they respond.
BAYC is a collection of 10,000 unique NFTs of computer-generated apes produced by Yuga Labs. Since their launch last April, the Apes have become wildly popular (and expensive), with the entire collection apparently driving over $US1 ($1..39) billion in sales worldwide. Like other NFTs, the apes are basically valuable because there’s only 10,000 of them. The scarcity of the assets means that, like a digital beanie baby, some deep-pocketed crypto fans are willing to shell out tens of thousands of dollars for individual pictures of a weirdly dressed monkey because there are only a few of them in existence.