Yuga Labs, the multibillion-dollar collective behind the infamous Bored Ape Yacht Club non-fungible tokens, has been targeted by another hacking attack, leading to the theft of millions of dollars worth of the simian NFTs.
BAYC’s series of algorithmically generated cartoon ape profile pictures is one of the best-known collections of NFTs – a digital asset or artwork whose ownership is stored on a blockchain, a decentralised ledger of transactions like those used by cryptocurrencies.
The attacker seized control of the BAYC Instagram account and sent a phishing post that many followers were fooled into clicking on, connecting their crypto wallets to the hacker’s “smart contract” – a mechanism for implementing a crypto transaction. That enabled the attacker to steal the assets held in the wallets, seizing control of four Bored Apes, as well as a host of other NFTs with an estimated total value of $3m.
“Instagram attacks are nothing new but often take an element of social engineering,” said Jake Moore, global cybersecurity adviser at the security firm ESET. “Unfortunately, however, this takeover has had a huge consequence and resulted in a mass robbery of digital assets. Similar to when physical art is stolen, there will be questions over how they would now be able to sell on these assets, but the problems in NFTs still prevail and users must remain extremely cautious of this still very new technology.”
As one of the most prominent NFT collections, with celebrity owners including Eminem, Gwyneth Paltrow and Madonna, BAYC holders are often targeted for attacks, with greater or lesser technical significance.