A hacked Instagram account led to a massive attack on the Bored Ape website, leading to the estimated theft of about $3 million worth of NFTs.
On Monday morning, the official Instagram account of Bored Ape Yacht Collection posted a link on their page. However, the Instagram page was hacked by the attacker, and the link was a phishing link. When users visited the link, they were notified of a special offer on the website. But as users tried availing the offer, the hacker accessed their wallets and stole their NFTs.
Greg Solano, the co-founder of BAYC, confirmed that four BAYC NFTs were stolen in the attack, along with other related projects like seven from the Mutant Apes collection and three from Kennel Club collections. Solano emphasized that the Instagram page was secured from the company’s side, as well as promising that “nothing important will ever get posted on Instagram again.”
This is not the first time Bored Ape NFTs were subject to cyber theft. Many users have fallen prey to phishing and social engineering attacks in the past which caused them to lose access to their NFT wallets. However, this marks the first time that the company itself was compromised in an attack.
Twitter user Zachxbt, who routinely investigates NFT frauds, estimated that about $3 million worth of NFTs were stolen in the attack. He also called upon BAYC to launch an in-depth investigation into the matter. Meanwhile, BAYC has set up a hotline for users impacted by the attack.