Hackers Created a Fake Yuga Labs Website to Trick Collectors Into Handing Over $6.2 Million Worth of Bored Apes and Other NFTs

The attack targeted users of the Otherside universe, a project created by Yuga Labs.

People walk by a Bored Ape Yacht Club NFT billboard in Times Square on January 25, 2022 in New York City. (Photo by Noam Galai/Getty Images)

Phishing scammers targeting the largest NFT mint in history have made off with millions in valuable Bored Apes (BAYCs) and other NFTs.

On May 1, hackers posing as the administrators behind the Otherside NFT, a new virtual game and metaverse by the creators of BAYC, Yuga Labs, lured crypto collectors by creating a fake website designed to look identical to the original before making off with approximately $6.2 million worth of BAYCs and other popular non-fungible artworks.

The attackers spread dubious links on Twitter to a website designed to look like Otherside’s official site, which then prompted users to link their NFT wallets.

According to the self-described “on-chain sleuth,” Twitter detective @zachxbt, three scammer wallets have been tied to the fraud. One of them, wallet 0xb87, stole $1.03 million (369 ETH) worth of NFTs on May 1, including one BAYC and more than 30 plots of virtual land in the Otherside universe.

Two additional wallets, 0xa8 and 0x5d, withdrew another $5.1 million worth of stolen NFTs between the two of them. 

Many of the stolen NFTs have already been sold, and the hackers laundered the proceeds through Tornado Cash, a service that breaks on-chain links between source and destination addresses.

 

What Is the Otherside Mint?

On March 19, Yuga Labs tweeted that it would release a massively multiplayer online role-playing game (MMORPG) named Otherside, where players could deploy their BAYCs in a virtual environment. 

The event was one of the largest NFT mints in history, with the drop burning over $155 million worth of Ethereum (55k ETH) in gas fees alone. (Gas fees are the transaction costs passed on to the consumer as the price of transacting on the blockchain.)

The Otherside mint provided a roadmap for BAYC holders to mint exclusive land plots, with demand soaring on May 1, the first day of the drop, when the attackers saw a vulnerability. 

Phishing scams are as old as e-mail itself. But they highlight a growing problem within the NFT space, in which consumers have virtually no recourse when their collectibles are lost or stolen. 

In January, hackers stole NFTs valued at $2.2 million from New York art collector Todd Kramer. A month later, the world’s largest NFT marketplace, OpenSea, suffered an attack that saw pilferers make off with $1.7 million worth of NFTs in another phishing scam.

According to Check Point Research, in the autumn of 2021, MetaMask, a popular NFT wallet, lost about $500,000 in a targeted phishing attack. 

