A hacker stole 91 NFTs from users who connected their wallets to receive airdrops that appeared to be phishing scams. The NFTs stolen are worth at least $2.8 million.
The whole phishing operation was carried out through the official Bored Ape Instagram account, despite the warnings by BAYC on Twitter reporting that Instagram was hacked. When the Instagram account was accessed, hackers posted a fake update claiming there was a LAND airdrop and users had to connect their wallets to claim the airdrop. When users connected to their wallets — and likely approved a transaction — the website stole their NFTs.
Among the stolen items are four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFTs. The hacker also stole one CloneX and items from other up-and-coming collections like EightBit, Alien Fren, and Toxic Skull Club among others.
“We will be in contact with the users affected and will post a full post-mortem on the attack when we can. For now, I would like to stress that 2FA was enabled on the account,” tweeted Bored Ape co-founder Garga.
This incident is the latest high-profile NFT theft to occur following the hacking of a BAYC-related platform. Earlier in April, Bored Ape’s Discord server was hacked and a similar phishing attempt was made but the hacker only succeeded in stealing one Mutant Ape. Although many Bored Ape holders have lost their NFTs due to a variety of other phishing attacks and NFT marketplace issues.