The phishing attack coincided with the one-year anniversary of BAYC’s launch, leading many users to believe that the link was authentic.
As told by Bored Ape Yacht Club (BAYC) developers on Monday, hackers breached the popular nonfungible token, or NFT, collection’s official Instagram page and shared links to a fake airdrop with the project’s followers.
Crypto enthusiasts who connected their MetaMask wallets to the scam website were subsequently drained of their Ape NFTs. It appears that the attack was planned to coincide with the one-year anniversary of the launch of the BAYC collection, thus increasing the “perceived credibility” of the phishing link.
Unconfirmed reports on social media indicate that approximately 100 NFTs were stolen during the phishing attack. Based on data from CoinGecko, the floor price of each BAYC NFT is around 139 Ether (ETH), or $400,726. Thus, if the reports are authentic, more than $40 million worth of assets could have been lost in the attack. However, the numbers may only represent the lower end of the estimate as it is based on floor price.
There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
At the time of publication, it is unclear how hackers gained access to the BAYC official Instagram. While social media users point out the importance of two-factor authentication as an effective deterrent against unauthorized logins, others say that such methods are not entirely foolproof and can be, in fact, compromised via a SIM-card swap.
BAYC has grown to become an all-time favorite NFT collection in the crypto realm, generating more than $1 billion in sales in 2021. The collection’s supply is fixed at 10,000 NFTs. More than 38,748 ETH worth of Apes were traded on OpenSea in the past 30 days.