Using a link advertised on the account’s page, hackers compromised the wallets of several users and transferred around 134 NFTs valued at $2.7 million, Motherboard writes.
Bad links — The link that got everyone into this mess was advertising a new mint of “land” NFTs. Clicking the link gave the hackers control over the victims’ crypto wallets, allowing them to transfer several high-profile NFTs originally designed by Yuga Labs, the parent company of Bored Ape Yacht Club.
Bored Ape Yacht Club published a statement to Twitter (in threaded tweet form) providing some further explanation of what happened. “The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction,” Bored Ape Yacht Club writes. “This transferred their assets to the scammer's wallet.”
The group claims that two-factor authentication was in place “and security surrounding the IG account followed best practices.” Bored Ape Yacht Club has regained control of its accounts and is investigating what caused the breach.
Not the first time — Apes and plenty of other ridiculously overvalued NFTs have been stolen in the past — notably from OpenSea, the marketplace that’s trying to become the Amazon of crypto products — but it looks particularly bad when the company trying to make NFTs happen is the one inadvertently involved in the scam in the first place.