Almost 150 NFTs from the Bored Ape NFT collection, worth $13,582,962, have been stolen since its inception, a report reveals.
Immunefi, a Web3 security firm, released their report on Tuesday which collected data from the launch of Bored Ape Yacht Club in June 2021 till August 2022. According to the report, 143 Bored Ape NFTs have been reported stolen by their owners since the collection’s launch, through a variety of scams.
Two primary events are considered the culprits behind the massive theft. The first one occurred in April this year when the BAYC Instagram page was hacked and posted a malicious link. When users clicked on the link, their Ethereum wallets were emptied almost instantly. The other theft occurred in June when a phishing link was posted on the BAYC discord server. It was posted from the account of a server mod, who was hacked previously. Users who visited the link had their personal information – including details of their NFTs – stolen from them.
For the report, Immunefi relied mostly on OpenSea – the NFT marketplace – and which BAYC NFTs they had flagged for suspicious activities. Alejandro Muñoz-McDonald (software engineer at Immunefi) said that once stolen, it is very hard to recover the NFTs as the IP rights go out along with them. He also mentioned that the hackers re-route the NFTs through multiple accounts to obscure their provenance and then sell it again on the market.
While Bored Ape is the most popular NFT series in the market right now, it is not the lone target of hackers. Last week, another report by blockchain analysis firm Elliptic revealed a larger threat of attacks. According to the report, more than $100 million worth of NFTs has been stolen between January and July of this year alone. The report also mentioned that more than half of the stolen assets used a service called Tornado Cash to launder the stolen NFTs; the service was put under US sanctions this month.