BAYC over a million worth of NFT reported stolen
Popular NFT gathering Bored Ape Yacht Club hardly needed any introduction, especially for someone who knows about crypto. It turned out to be a crucial part of digital collectibles from the NFT room. Being one of the most famous collections in the NFT market has also made it a popular target for scammers, hackers and other sketchy figures.
The sophistication of exploits and hacks is increasing as the NFT market expands. This was prominently on display at the weekend when a clever plot led to the theft of a significant portion of the Bored Ape collection.
Exploits and hacks targeting Bored Ape users are nothing new. Case studies around the collection go back well over a year; we’ve seen a wide range of effective BAYC exploit attempts, from exploits involving the entire Discord server to vulnerabilities involving Hollywood actor Seth Green.
These exploits continue to highlight how important wallet security is for owners of the well-known NFT collection, despite Yuga Labs not having any flaws. Furthermore, the majority of the main “blue chip” NFT collections contain these types of exploits, therefore Bored Ape Yacht Club is by no means the only collection that contains them.
The latest case of all this occurred over the weekend and involved extraordinary levels of social engineering, serving as a sobering reminder to society that being diligent and detail-oriented these days is not enough to secure your assets.
In the latest breach, 14 Bored Ape Yacht Club NFTs were taken from a single owner using a complex plan that included advanced social engineering.
The latest hacks show how much effort and attention to detail today’s exploiters are ready to put in. In this case, the hacker was able to quickly sell the NFTs for just over $1 million, or around 850 ETH.
An in-depth thread from a well-known web3 security analyst deconstructs the story briefly and in detail.
The hacker posed as a casting director at an LA-based studio looking to license an NFT in exchange for a substantial payment in the social engineering scheme; while the studio exists, the pseudonym the hacker used does not. However, hours of calls, fake partnership proposals, fake email domains and other factors were the driving force behind this theft.
The plan had been developed for at least a few months. Another illustration of why cold storage is the safest solution for high value NFTs and why contract signing or interaction can be extremely risky unless thoroughly vetted beforehand. Using multiple wallets, verifying identities and refraining from signing random signatures or transactions are crucial guidelines for NFT holders, the analyst stated in his thread.
Nancy J. Allen is a crypto enthusiast and believes that cryptocurrencies inspire people to be their own banks and step aside from traditional money exchange systems. She is also fascinated by the blockchain technology and its function.
