It’s a rough day for some Bored Ape Yacht Club (BAYC) holders who lost their NFTs to today’s Instagram hack. Evidently, a scammer was able to hack the official BAYC Instagram and post a scam link. The people who fell for the scam, including some BAYC holders, sadly lost their NFTs in what is one of the most common NFT scams today.
How did the BAYC Instagram hack happen?
After news of the Instagram hack spread across Twitter, the accounts for both BAYC and Yuga Labs Co-founder Gargamel confirmed it. Then, the BAYC Twitter account posted a short thread explaining what had happened.
To sum up, a hacker gained access to the BAYC Instagram account and posted a fake link. The link, made to look like the site for a nonexistent metaverse land airdrop, led some people to connect their wallets. The fake site then prompted people to sign a ‘safeTransferFrom’ transaction, which sent their assets to the scammer’s wallet.
Without a doubt, this was another example of scammers taking advantage of people’s excitement and FOMO to steal NFTs. In this case, they leveraged the anticipation for Yuga Labs’ upcoming land sale for its metaverse, Otherside. Yuga Labs’ recent announcement of the April 30th mint date for its Otherside has naturally led to mass excitement and curiosity.
Etherscan data on the scammer’s wallet (now marked as a scam wallet) showed that the thief was able to steal many high-value NFTs. This included 4 BAYC NFTs, 7 MAYC NFTs, 3 BAKC NFTs, and 1 CloneX NFT. The scam amounts to an approximate value of $2.8 million in stolen assets. Evidently, some of the stolen NFTs were quickly listed on LooksRare.
Yet more people fall victim to the fake mint website NFT scam
This unfortunate incident with the BAYC Instagram is just another sign that NFT hacks and scams are alive and well. To be sure, individual NFT holders falling for scam links in Discord or from fake verified accounts is nothing new. However, this is likely the biggest example of a major NFT project having one of its official social media channels compromised.
According to Yuga Labs’ tweeted statement, the Instagram account had two-factor authentication enabled and followed best security practices. They are still investigating exactly how the hacker was able to gain access to the account.
Yuga Labs has asked anyone affected by the hack to contact them via [email protected]. Furthermore, they’ve reminded their followers that they will never announce any mints via Instagram. Rather, all important announcements will come directly from the BAYC, Yuga Labs, or Otherside Twitter accounts. In addition, announcements will be cross-posted in the announcement channel of the BAYC Discord.
On the bright side for Yuga, it doesn’t appear that the BAYC Instagram hack has put too much of a damper on the Otherside mint. In fact, the Otherside Twitter account posted the first big pieces of information about the mint process, hours after the hack announcement.