It’s complicated being the Bored Ape Yacht Club; on one hand, you’re one of the most famous NFT collections in the world and have celebrities like Madonna as customers. On the other hand, being the most famous NFT collection in the world means you are constantly the target of hack campaigns and scammers.
Earlier this month, it was reported that the Ape Club Discord channel had been attacked and at least one NFT stolen as a result. It seems the attacks have not ended as both the collection’s Discord and Instagram pages were hacked, leading to millions in losses for buyers.
The Great Ape Heist
While this is the second attack that the Bored Ape Yacht Club is suffering in a single month, there are few differences between the two. While the collection’s Instagram was hacked as well, the scam was run in a similar way; a link was posted that promised users a chance to mint rare NFTs.
Once the link was clicked, users were prompted to connect their wallets to get access to an airdrop. However, this gave the scammers access to their wallets and they were then able to steal their existing NFTs.
Soon after reports of the hack broke, the Bored Ape Club clarified via its official Twitter account that no mint was taking place and warned users not to click the links being posted.
“There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything,” the official tweet said.
But some damage had already been done. According to Twitter user Zachxbt, several NFTs from collections such as the Bored Ape Club and CloneX had already been stolen. By their estimate, almost $3 million worth of NFTs has been taken by the hackers.
How to Secure NFTs
Naturally, this incident trended on social media and once again, brought up the discussion of digital asset safety and the role that collections and platforms have to play in securing their buyers’ assets.
While most NFT users are aware of the basics of wallet security, a link posted on the verified page of a platform like the Bored Ape Club is likely to be trusted. The scammers clearly know that and the plan clearly worked to an extent.
But what role do the platforms themselves have in this? This is the entire basis of the lawsuit that has been brought against OpenSea. The plaintiffs in the lawsuits have alleged that OpenSea did not do enough to protect them and allowed for internal bugs that led to the loss of their assets.
While there is no telling if any actions, legal or otherwise, will be taken with regard to the latest Bored Ape Yacht Club attack, it does reiterate to NFT owners how vulnerable they could be to hackers.
One of the basics of these is not clicking on links promising free airdrops without thorough vetting, even if it is from the world’s top NFT collection.