Bored Ape Yacht Club NFTs heist. How come this keeps happening over and over again?

A group of cybercriminals managed to steal non-fungible token (NFT) worth about $3 million USD from the popular Bored Ape Yacht Club collection. Threat actors reportedly took control of the NFT collection Instagram account and posted a link to a fraudulent website from which the aforementioned assets could be stolen.

The attackers caught the attention of unsuspecting NFT collectors by offering a supposedly free token; these users followed the link posted on Instagram and connected their MetaMask cryptocurrency wallets to an address controlled by the hackers. Instead of receiving the aforementioned token, affected users found their wallets wiped out in minutes.

Shortly after, the project’s official Twitter account confirmed the attack: “Looks like BAYC’s Instagram was hacked; please don’t click any links or link your wallet to another site,” the message read.

Yuga Labs, creators of the Bored Ape Yacht Club, also confirmed that the attackers stole four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFT tokens, as well as other NFTs from various collections, mining assets totaling approximately $3 million USD.

The team behind the NFT collection claims to be actively working to establish contact with affected users, adding that the compromised account had multi-factor authentication and other security mechanisms enabled, so it is still unclear how the attack occurred. The investigation is still ongoing and updates are expected soon.

This is the second attack to hit BAYC in less than a month; In late March, the NFT project confirmed that its official Discord server had been compromised, putting hundreds of investors at critical risk of phishing. Shortly before the Discord server attack and in the context of the ApeCoin cryptocurrency launch, a hacking group stole more than $1.5 million USD through quick loan fraud.

These attacks are highly worrying for NFT developers, investors and enthusiasts, who have seen cybercrime as the main threat to the growth of these projects and their investment potential.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.