Unknowns have stolen a series of NFTs by posting a phishing link on Bored Ape Yacht Club’s Instagram account. The latter is the ‘exclusive’ group for owners of a jpeg with a bored monkey on it.
NFTs remain a magnet for robberies. The industry makes it a practice to give away free stuff to generate more hype, but that can also be used against those enthusiasts. It happened this week at Bored Ape Yacht Club, the so-called clubhouse of holders of a Bored Ape NFT. Those are jpegs of cartoon monkeys with a receipt on the blockchain, making them worth millions of dollars in certain circles.
This week, the brand’s Instagram account was taken over by a fraudster who posted a link to an ‘airdrop’. This would allow NFT holders to claim free ownership in the Bored Ape Yacht Club metaverse, a virtual world that does not yet exist. Unfortunately, the link turned out to be a phishing link, and those who clicked on it saw their NFTs stolen. In total, the loss of four NFTs from the Bored Ape Yacht Club series, which normally sell for a minimum of 145 ether, was reported, about 400,000 euros converted.
Also captured: six Mutant Ape Yacht Club NFTs, a new series of, er, mutated monkeys with a street value of 39 ether or 110,000 euros, and three Bored Ape Kennel Club NFTs, with pets for the otherwise very bored monkeys who live on such’ n 14 ether or 40,000 euros are traded. It would therefore be about 2.4 million euros worth of NFTs, which the attacker has already sold on another NFT marketplace.
The practice of airdrops is striking. Two of the series from which NFTs were stolen, the mutants and the dogs, were initially distributed via similar free airdrops. This may explain why so many NFT holders saw no point in clicking a phishing link that promises free stuff, something that under normal circumstances calls for some caution.
Yuga Labs, the company behind Bored Ape Yacht Club, says it has done nothing wrong. “We would like to point out that two-step verification was enabled for the (Instagram, ed.) account. The security around the account was watertight on Yuga’s side,” Gargamel, one of the founders of Yuga Labs, wrote on Twitter. “We’re never going to post anything important on Instagram again.”