After using a link to an airdrop scam on the Bored Ape Yacht Club (BAYC) official Instagram account and Discord server, hacker(s) managed to steal millions of dollars worth of their non-fungible tokens.
The hacker cheated users by using a link that promised to mint free land in the project’s imminent metaverse Otherside. The fraudulent URL allowed the hacker/s to access the marks’ MetaMask wallets.
Automatically, once clicked on the link it enacted a safetranferFrom function. Which allowed the hacker to transfer any NFTs stored in the MetaMask wallet. Among the stolen NFTs through the fake airdrop is a Clone X NFT worth nearly $54,000.
According to CoinDesk, who cited data from OpenSea, 24 Bored Apes and 30 Mutant Apes were stolen. That is worth close to $14 million. But, a statement from Yuga Labs said that the figure was much lower than that.
- The Crystal Method to Launch First Major Music Video NFT
- A $350,000 Bored Ape NFT Was Sold Mistakenly for Only $115
“Roughly estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC (Bored Ape Kennel Club), as well as assorted other NFTs estimated at a total value of ~$3m. We are actively working to establish contact with affected users,” Yuga Labs said.
Yuga Labs’ pseudonymous co-founder Gargamel said in a tweet that security practices “were tight on Yuga’s end”. He also stated that the IG account would no longer be used for important announcements.
Until the end of the investigation, the company would not be posting anything on the BAYC or Otherside IG profiles. The only official source of information would be its Twitter profiles. However, now it is working with Instagram to find out how their accounts were compromised.