Yesterday saw the hack of the official Instagram page and Discord server of the Bored Ape Yacht Club NFT collection. Amongst the illegitimate ongoings, a fraudulent ‘mint link’ was sent to followers, which claimed users could mint ‘land’ in the upcoming Otherside metaverse project.
As you may’ve expected, the wallets of those who clicked the link became compromised, with data from CoinGecko suggesting that over 100 NFTs from the Bored Apes, Mutant Apes, and BAKC collections were stolen (which, by way of floor price, would amass value of around $40 million). That being said, Yuga Labs (BAYC IP owners) are reporting smaller scaled figures, as at a time when 54 NFTs were said to be stolen, the company claimed only 4 Bored Apes, 6 Mutant Apes, and 3 BAKC NFTs had been lost.
At 10:58AM ET, BAYC officials were finally able to alert the community of the hack, as well as remove all fraudulent links from the hacked accounts.
????There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
As of now, it is still unclear as to how the hackers gained access to the accounts. However, commentators have pointed out the importance of two-factor authentication as an effective deterrent against unauthorised log-ins (despite others suggesting that a simple SIM-card swap can make such protocol redundant).
Irrespective of the method of access, as well as how many NFTs were stolen, the hack is a reminder that near enough any collection (and corresponding community) is at risk of succumbing to illegitimate activity within this Wild West space. On a different note, it will also be interesting to see how much the hack plays in the minds of the Bored Ape community, as it transcends into the Otherside metaverse on April 30th.