The Bored Ape Yacht Club (BAYC) community is investigating a hack where users appear to have lost NFTs. The mechanism appears to be via a fake mint link sent out to Discord and Instagram followers.
“There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything,” the BAYC Twitter account tweeted yesterday.
The hackers lured eager users with the fraudulent mint link claiming they could mint land in its “Otherside” Metaverse, set to launch this week.
The wallets of users who clicked the fraudulent link have also been compromised as the hackers gained access transferred assets, including BAYC NFTs.
On-chain digital asset sleuth “Zachxbt” shared a map of the hack’s asset movement:
Mapped out the hackers address here: pic.twitter.com/HLFFzRSnIn
— zachxbt (@zachxbt) April 25, 2022
It is being reported that 24 Bored Apes and 30 Mutant Apes were stolen at time of writing. The total value of the stolen NFTs currently stands at $13.7 million as per current floor price.
4 BAYC, 7 MAYC, 3 BAKC, 1 CloneX, and a number of other NFTs (91 NFTs) were siphoned, with numbers still being confirmed.
BAYC co-founder “CryptoGarga” addressed the issue and said that the team would contact all affected users, adding that a post-mortem would be released. He emphasised that 2FA was enabled on the Instagram account and that security protocols were up to an extremely high standard.
The IG hack resulted in 4 Apes, 6 Mutants, 3 Kennels, and some other assorted valuable NFTs being lost. We will be in contact with the users affected and will post a full post mortem on the attack when we can. For now I would like to stress that 2FA was enabled on the account. https://t.co/bsc3tHt9QG
— Garga.eth (@CryptoGarga) April 25, 2022
It remains unclear how the Instagram and Discord servers were compromised.