On Monday, the official Instagram profile of Bored Ape Yacht Club (BAYC) was compromised to advertise a false phishing URL intended to defraud owners of millions of dollars in non-fungible tokens (NFTs).
Although OpenSea, the biggest NFT marketplace, has blocked the address suspected of being linked with the hack, blockchain data indicate the questionable address has dealt with LooksRare.
As per the BAYC, the compromised account promoted a bogus airdrop on Instagram, enticing users to sign a “safeTransferFrom” transaction that moved their funds directly to the wallet of the hacker.
The IG hack resulted in 4 Apes, 6 Mutants, 3 Kennels, and some other assorted valuable NFTs being lost. We will be in contact with the users affected and will post a full post mortem on the attack when we can. For now I would like to stress that 2FA was enabled on the account. https://t.co/bsc3tHt9QG
— Garga.eth (@CryptoGarga) April 25, 2022
The on-chain investigator zachxbt claimed that hackers stored the stolen assets using many addresses. NFT Discord and Twitter accounts, along with the official BAYC Discord channel, were compromised to conduct identical BAYC giveaway hoaxes earlier in April.
Including a report from Atlas VPN, NFTs were a major target for hackers in Q1 of 2022, with 20 intrusions and roughly US$49 million in losses.