This Yuga Laboratoriescompany responsible for collecting immutable tokens (NFTs) It confirmed a vulnerability known as Bored Ape Yacht Club, which was exploited on Monday, 25th.
Cybercriminals managed to hack official Instagram account and servers conflict It is protected by the collection, by placing a fake link on these channels that leads to cryptocurrency theft.
The scam is a classic example of phishing: The address made a false promise of free delivery of tokens from the future Otherside metadatabase and required login to the platform from a virtual cryptocurrency wallet. metamask. Whoever put the data on the site had their credentials stolen and transferred the NFTs to other owners.
Damn BAYC Instagram hacker stole 4 BAYC, 7 MAYC, 3 BAKC, 1 CloneX and more (91 NFT in total)
Hacker Address: https://t.co/0ngJ4SKV4G pic.twitter.com/9U2OGPKMmP
– zachxbt (@zachxbt) 25 April 2022
in the official noteYuga Labs claims it quickly detects unauthorized activity and removes fake addresses, and also enables two-factor authentication on accounts by default. On Monday, the creation of NFTs from the collection was suspended.
How much was stolen?
So far, there has been a discrepancy in information about the values and amount of NFTs that will be stolen with the invasion. Initial analyzes on the blockchain hosting the collection’s transactions noticed high token movement and a loss that could exceed $13.7 million.
YugaLabs claims the scam is much smaller than originally reported: four NFTs from the Bored Ape collection, six from the Mutant Apes and three from the BAKC group, and other less valuable tokens were stolen. With many users changing their account hosting tokens for security reasons, the total loss would be around $3 million.
In early April, the Bored Ape Yacht Club Discord server was already hacked and used in another similar scam. In late March, the game’s transaction verification platform, Axie Infinity, was also seized in a scheme that embezzled $625 million.
Source: Tec Mundo
