On the official Instagram account of Bored Ape Yacht Club (BAYC) developers, unknown people posted information about the distribution of tokens and stole 91 NFTs worth $2.8 million from deceived users.
The BAYC developers themselves tweeted about the incident. The fake Instagram announcement was about some kind of upgrade and giveaway of LAND tokens. To take part in the distribution, users had to connect their Metamask wallet. To lure customers, the attackers used the Bored Ape roadmap, which includes a game with elements of the metaverse and virtual lands. When users connected their wallets and confirmed the transaction, they forfeited their non-fungible tokens.
The wallet of the hacker who carried out the phishing attack contains 91 NFTs. According to Zerion, the value of the stolen NFTs is at least $2.8 million, including four NFTs from the Bored Ape Collection (BAYC), six Mutant Apes (MAYC), and three NFTs from the Bored Ape Kennel Club (BAKC). The hacker also stole one CloneX and items from other collections: EightBit, Alien Fren and Toxic Skull Club.
The BAYC team reported that the issuance of tokens was immediately suspended. Users are advised not to release anything, not to click on suspicious links, and not to link their wallet to anything. BAYC added that two-factor authentication was enabled for their account. They also promised to contact affected customers.
This is not the first time the BAYC project has been hacked. In April, developers reported that their Discord account had been hacked, and at least four collectible tokens were stolen in a phishing attack.
