Dozens of Pricey NFTs Stolen After BAYC Instagram Hack
The hack resulted in the theft of four Bored Apes and six Mutant Apes, among other digital collectibles
BORED APE YACHT CLUB NFTS OWNED BY APE DAO VIA ROLLINGSTONE
- The stolen NFTs are estimated to be worth upwards of $10 million, based on the floor price of the hacked digital collectibles
- BAYC’s co-founder “Garga.eth” said four Bored Apes, six Mutant Apes, three Kennels and other “assorted valuable NFTs” were transferred to the hacker’s address
The Instagram account belonging to NFT project Bored Ape Yacht Club (BAYC) was compromised Monday, paving the way for the theft of more than a dozen individuals’ digital valuables.
In a tweet, BAYC said a hacker posted a fake link to a copycat website, along with a false airdrop. The airdrop prompted users to sign a so-called “safeTransferFrom” transaction, which transferred the NFTs to the hacker’s wallet.
A safeTransferFrom transaction is a function within Ethereum designed to check for the eligible ERC-721 token standard transfer of an NFT (non-fungible token) from the owner to the recipient.
“Immediately upon discovering the hack, we alerted our community, removed links to the compromised IG account from our platforms and attempted to recover the account,” BAYC tweeted.
The account was hacked despite BAYC employing two-factor authentication and following security best practices, it said in a follow-up tweet. BAYC has launched an investigation in an attempt to discover how the hacker gained access.
According to BAYC’s co-founder “Garga.eth,” four Bored Apes, six Mutant Apes, three Kennels and other “assorted valuable NFTs” were transferred to the hacker. Based on the marketplace’s floor price, it is estimated the value of the hack is upwards of $10 million.
According to the project’s OpenSea account, around nine Bored Ape NFTs have been flagged for suspicious activity. Mutant Apes and Kennels have yet to be flagged.
“We will be in contact with the users affected and will post a full post-mortem on the attack when we can,” Garga said. “For now I would like to stress that 2FA was enabled on the account.”
Don’t miss the next big story – join our free daily newsletter.