Dozens of Pricey NFTs Stolen After BAYC Instagram Hack

The Instagram account belonging to NFT project Bored Ape Yacht Club (BAYC) was compromised Monday, paving the way for the theft of more than a dozen individuals’ digital valuables.

In a tweet, BAYC said a hacker posted a fake link to a copycat website, along with a false airdrop. The airdrop prompted users to sign a so-called “safeTransferFrom” transaction, which transferred the NFTs to the hacker’s wallet.

A safeTransferFrom transaction is a function within Ethereum designed to check for the eligible ERC-721 token standard transfer of an NFT (non-fungible token) from the owner to the recipient.

“Immediately upon discovering the hack, we alerted our community, removed links to the compromised IG account from our platforms and attempted to recover the account,” BAYC tweeted.

The account was hacked despite BAYC employing two-factor authentication and following security best practices, it said in a follow-up tweet. BAYC has launched an investigation in an attempt to discover how the hacker gained access.

According to BAYC’s co-founder “Garga.eth,” four Bored Apes, six Mutant Apes, three Kennels and other “assorted valuable NFTs” were transferred to the hacker. Based on the marketplace’s floor price, it is estimated the value of the hack is upwards of $10 million.

According to the project’s OpenSea account, around nine Bored Ape NFTs have been flagged for suspicious activity. Mutant Apes and Kennels have yet to be flagged.

“We will be in contact with the users affected and will post a full post-mortem on the attack when we can,” Garga said. “For now I would like to stress that 2FA was enabled on the account.”

---

Get the news in your inbox. Explore Blockworks newsletters:

• The Breakdown: Decoding crypto and the markets. Daily.
• 0xResearch: Alpha in your inbox. Think like an analyst.