Dozens of Pricey NFTs Stolen After BAYC Instagram Hack

The hack resulted in the theft of four Bored Apes and six Mutant Apes, among other digital collectibles

article-image

BORED APE YACHT CLUB NFTS OWNED BY APE DAO VIA ROLLINGSTONE

share

key takeaways

  • The stolen NFTs are estimated to be worth upwards of $10 million, based on the floor price of the hacked digital collectibles
  • BAYC’s co-founder “Garga.eth” said four Bored Apes, six Mutant Apes, three Kennels and other “assorted valuable NFTs” were transferred to the hacker’s address

The Instagram account belonging to NFT project Bored Ape Yacht Club (BAYC) was compromised Monday, paving the way for the theft of more than a dozen individuals’ digital valuables.

In a tweet, BAYC said a hacker posted a fake link to a copycat website, along with a false airdrop. The airdrop prompted users to sign a so-called “safeTransferFrom” transaction, which transferred the NFTs to the hacker’s wallet.

A safeTransferFrom transaction is a function within Ethereum designed to check for the eligible ERC-721 token standard transfer of an NFT (non-fungible token) from the owner to the recipient.

“Immediately upon discovering the hack, we alerted our community, removed links to the compromised IG account from our platforms and attempted to recover the account,” BAYC tweeted.

The account was hacked despite BAYC employing two-factor authentication and following security best practices, it said in a follow-up tweet. BAYC has launched an investigation in an attempt to discover how the hacker gained access.

According to BAYC’s co-founder “Garga.eth,” four Bored Apes, six Mutant Apes, three Kennels and other “assorted valuable NFTs” were transferred to the hacker. Based on the marketplace’s floor price, it is estimated the value of the hack is upwards of $10 million.

According to the project’s OpenSea account, around nine Bored Ape NFTs have been flagged for suspicious activity. Mutant Apes and Kennels have yet to be flagged.

“We will be in contact with the users affected and will post a full post-mortem on the attack when we can,” Garga said. “For now I would like to stress that 2FA was enabled on the account.”


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

ao cover.jpg

Research

Arweave recently launched the testnet for AO computer, a new messaging protocol that will sit atop a PoS network and aims to become a scalable global compute platform through parallel processing and modularity.

article-image

Plus, a Bored Ape burger restaurant closes, and Crypto: The Game presses on

article-image

Bitcoin scarcity is a meme, with or without the halvings

article-image

The current state of blockchain interoperability poses an existential threat to the mainstream adoption of blockchain technology as a whole

article-image

The fighting in pro wrestling is largely fake and the outcomes are mostly pre-determined, similar to Ethereum’s relationship with the crypto ecosystem

article-image

Shakeeb Ahmed was tied to two hacks, and the DOJ first filed an indictment against him in July of last year

article-image

HashKey is expected to be among the issuers who receive the green light, according to the report.