Bored Ape Yacht Club Social Media Hack - $2.4 Million in NFTs Stolen

I don't even really know how to start this post... But BAYC's social Instagram was hacked along with their Discord.

$2.4 Million NFT heist

Earlier today, it seems that the Instagram and Discord accounts for the Bored Ape Yacht Club were compromised. How it was pulled off has yet to be determined, but I have written about these types of hacks in the past. I assume it was some kind of phishing or social engineering attack, not an actual hack, but I honestly don't know. According to the official Instagram account, the account had 2-factor authentication enabled (probably just SMS if I had to guess lol) and security around the account "followed best practices".

Despite being secured by 2-factor authentication and supposedly following best security practices, the account was compromised. The bad actor was able to gain access to the account long enough to post a phishing link that supposedly let you claim a free airdrop. This link took users to a website that prompted them to connect their wallets in order to receive a free airdrop of land in the upcoming metaverse.

What really happened was that the unfortunate people who clicked the link and connected their wallets... automatically had their NFTs siphoned out of their wallets to the hacker's wallet, which you can view on Etherscan here. Just have a scroll through the ERC-721 token transfers and you'll quickly see that tons of high value NFTs were siphoned into the wallet.

Normally I would laugh at the people dumb enough to click a random ass link and connect their wallet. The issue here is that these links were posted via the official social media accounts for one of the most sought-after NFT projects that exist. So yeah, I actually do feel bad for the people that had their high value NFTs stolen. I sincerely hope that Yuga Labs makes them whole and at least offers compensation for their losses.

Immediately, the NFTs started being sold and the hacker wallet transferred 761 WETH to a fresh wallet, which then started moving funds to exchanges. That's a whopping $2,289,849 in free money for some piece of shit that took advantage of a community. The blockchain doesn't lie though, so it's very traceable.

The funds were transferred multiple times and eventually ended up in a wallet holding over 1,000 ETH. 1,461 to be exact, which is over $4 million. If you look at the comments on Etherscan, everyone tags the wallet as a scammer.
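The tracing described above, scrolling the ERC-721 transfers into the phishing wallet and following the WETH hop by hop, as an added Python example that is not part of the original post or of any Yuga Labs or Etherscan tooling. It runs over a constructed set of transfers with placeholder addresses (not the real wallets from the incident), flags a receiver that collects NFTs from many unrelated senders within a few blocks, and then follows that wallet's outflows to the next wallets in the chain.

```python
from collections import defaultdict, namedtuple
# Constructed sample data modelled on the post's description: many victims sending
# ERC-721 tokens to one address, which then moves WETH onward. Addresses and amounts
# are placeholders, not the real wallets from the incident.
# token: NFT contract or "WETH"; amount: 1 per NFT, or the WETH amount for ERC-20 hops.
Transfer = namedtuple("Transfer", "block token sender receiver amount")
NFT_TRANSFERS = [
    Transfer(100, "0xApeCollection", "0xVictim1", "0xDrainer", 1),
    Transfer(100, "0xApeCollection", "0xVictim2", "0xDrainer", 1),
    Transfer(101, "0xMutantCollection", "0xVictim3", "0xDrainer", 1),
    Transfer(101, "0xKennelCollection", "0xVictim1", "0xDrainer", 1),
    Transfer(102, "0xApeCollection", "0xVictim4", "0xDrainer", 1),
    Transfer(150, "0xApeCollection", "0xSeller", "0xBuyer", 1),  # ordinary sale: one sender
]
FUND_TRANSFERS = [
    Transfer(120, "WETH", "0xDrainer", "0xFreshWallet", 761.0),
    Transfer(130, "WETH", "0xFreshWallet", "0xExchangeDeposit", 400.0),
    Transfer(131, "WETH", "0xFreshWallet", "0xLandingWallet", 361.0),
]

def flag_drainer_wallets(transfers, min_senders=3, max_blocks=10):
    """Receivers that collect NFTs from many distinct senders within a short block window.
    A normal buyer rarely gets tokens from several unrelated owners within a few blocks;
    a phishing drainer does exactly that."""
    inflows = defaultdict(list)
    for t in transfers:
        inflows[t.receiver].append(t)
    flagged = {}
    for receiver, rows in inflows.items():
        senders = {r.sender for r in rows}
        span = max(r.block for r in rows) - min(r.block for r in rows)
        if len(senders) >= min_senders and span <= max_blocks:
            flagged[receiver] = {"senders": len(senders), "tokens": len(rows),
                                 "collections": len({r.token for r in rows})}
    return flagged

def trace_outflows(transfers, start, max_hops=5):
    """Follow funds hop by hop from `start` (the 'transferred multiple times' chain):
    breadth-first over outgoing transfers in block order, each address visited once."""
    path, frontier, seen = [], [start], {start}
    for _ in range(max_hops):
        nxt = []
        for addr in frontier:
            for t in sorted(transfers, key=lambda t: t.block):
                if t.sender == addr and t.receiver not in seen:
                    path.append((t.sender, t.receiver, t.amount))
                    seen.add(t.receiver); nxt.append(t.receiver)
        if not nxt:
            break
        frontier = nxt
    return path
```

On real data the same two passes apply to ERC-721 `Transfer` event logs and WETH `Transfer` logs pulled from a node or block explorer; the thresholds are tuning knobs, not a definition of fraud.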

Take a look at the hacker's wallet for yourself. I assume it's the same person (or group) since a ton of ETH was transferred from the phishing wallet people interacted with. I'm no detective though, so I can only make educated guesses. It doesn't take a rocket scientist to look at the hacker's wallet on Etherscan though, which can tell you a lot about what's happening here.

This wallet seems to be the landing wallet for multiple scams and hacks. Whoever controls it has a shitload of money and should be arrested for scamming and hacking. Unfortunately, this kind of thing is going to happen in a highly unregulated space... It happens in the real world every day right under the noses of law enforcement. Why wouldn't it happen where no regulators have decided to step in?

Don't click links, even when they're shared from official social media accounts. Remember, don't trust. Verify.

Be safe out there, frens.

Thanks for reading! Much love.


Posted Using LeoFinance Beta

18 comments
$4M worth of ETH? Wow! That's a huge wallet!

Airdrop, metaverse, and links posted on official channels: these are the ingredients of a very attractive and promising offer. Very few are discerning enough to escape such a trap.

Thanks for this very timely warning about this unfortunate event:

Don't click links, even when they're shared from official social media accounts.

I myself tend to lower my guard when I see links posted on official channels.

I know, it's really hard to tell because it was from an official social media... But we just have to try and be vigilant against this kind of thing.

I don't know if I really feel sad for the people in the bored ape club. However, I guess people need to be careful and make sure that the links are correct.

Hard to tell when the links come from official accounts, but shit... It still sucks.

If you aren't afraid of being a bit late, then wait for a few extra hours after making sure there isn't anyone else reporting issues.