Bored Ape Yacht Club’s Instagram Compromised in $2.8 Million NFT Phishing Scam

Bored Ape Yacht Club’s (BAYC) Instagram account has been hacked in a phishing scam resulting in an exploit of US$2.8 million worth of NFTs:

Yuga Labs, the creator of BAYC, is investigating the attack, tweeting followers not to click on links or mint new tokens. The attacker stole 133 NFTs after using BAYC’s Instagram account to promote a fake “airdrop”. The scam promised people free tokens if they connected their MetaMask wallets to the site linked through the post.

No Compensation As Yet

It is not yet known how the hacker accessed the Instagram account, and Yuga Labs has yet to announce whether it will compensate those affected by the scam:

According to Yuga Labs, “At the time of the hack, two-factor authentication was enabled and security surrounding the Instagram (IG) account followed best practices.” It added: “We’ve regained control of the account, and are investigating how the hacker gained access with IG’s team.”

According to blockchain data, the hacker’s wallet, which has been identified in connection with the attack, holds 91 NFTs and is said to be worth US$2.8 million based on the floor prices of the respective collections. The attack has seen 24 Bored Apes and 30 Mutant Apes stolen.

Yet Another Attack on BAYC

The news of this latest attack comes only weeks after the BAYC Discord servers suffered a phishing scam which led its governance token to plunge by 20 percent. Another possible hack was witnessed a couple of weeks ago when a BAYC NFT worth US$350,000 was sold for just US$115. Many question whether it was an exploit or just a massive error.