In the latest exploit, some users have lost their Bored Ape Yacht Club (BAYC) and other NFTs after the project’s Instagram was hacked, directing users to a malicious website that promised an airdrop of virtual land.
According to on-chain sleuth, zachxbt, the hacker stole 91 NFTs in total, including four Bored Apes, and seven Mutant Apes. Just those 11 NFTs are worth $2.6M going by current floor and ETH prices as of Apr. 25.
zachxbt also shared the address of the attacker’s wallet whose value can be seen spiking and then falling as the attacker offloaded the NFTs.
The Bored Apes site looks to have redirected the Instagram favicon back to its homepage in order to minimize the damage.
Not The First Time
BAYC holders have often been successfully targeted by scammers in the past, leading prominent crypto commentator Cobie to call for a change. “Yuga Labs or ApeCoinDAO should create a custody service asap,” he tweeted.
Cobie went on to outline a model whereby users could hold a proxy BAYC NFT in their active wallet, but the original would be held by an official BAYC entity and only be redeemable by its owner after an identity verification process.
Other influencers piled on with arguably less constructive posts — DegenSpartan posted a fake form asking his 137,000 followers to submit their seed phrases with a spoof bonus for BAYC holders. BAYC holders giving up their private keys, which hands over control of their wallets, has become a running joke in crypto.
In response to the hack, BAYC co-founder Gargamel, tweeted that “nothing important will ever get posted on Instagram again.”