Hackers Broke Into Bored Ape Yacht Club’s Official Instagram and Made Off With Nearly $3 Million Worth of Stolen NFTs

It's not the first time hackers have targeted apes.

Hackers have hit the apes once again.

On Monday morning, the Bored Ape Yacht Club’s official Instagram account was hacked, and four of the collection’s NFTs, as well as other NFTs created by Yuga Labs, were stolen.

“This morning, the official BAYC Instagram account was hacked,” the Bored Ape Yacht Club tweeted yesterday afternoon. “The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet.”

Some users were duped into believing that if they clicked the link, they would be able to mint a new feature for their NFTs. Instead, it allowed the hacker to access and steal their Ethereum assets.

The digital sleuth known as ZachXBT examined the addresses that interacted with the phishing site and estimated that about $3 million worth of NFTs were stolen, and that the bulk of it, $2.4 million, came from just a handful of rare NFTs.

Once BAYC regained control of the account, they opened an investigation, with support from Instagram, into how the hacker gained access.

It advised those affected, or anyone who might have information, to reach out by email, and emphasized: “You need to contact us first—anybody contacting you first is not us. We will NOT reach out to anyone over email first, and we will NEVER ask for your seed phrase.”

BAYC did not immediately respond to a direct message seeking comment.

Bored Ape NFTs have been stolen before. In December, New York art dealer Todd Kramer tweeted a desperate plea, saying: “I been hacked. All my apes gone. This just sold please help me.”

Thieves had hacked his digital wallet and made off with at least 15 artworks—including five from the high-profile Bored Ape Yacht Club collection—worth an estimated $2.2 million.

The works were reportedly stolen from Kramer’s “hot wallet,” a tool that is continually connected to the internet, as opposed to the more secure, physical “cold wallet,” which must be plugged in to connect to the web. With the help of community members and online activists, Kramer managed to recover some of the works. 

A few weeks ago, a hacker also gained access to the Bored Ape Discord server via a phishing link placed in one of the channels. It resulted in the theft of at least one Bored Ape NFT.

The BAYC team said in a tweet that it had caught the issue immediately but warned users not to mint any NFTs using a Discord link. It also reminded users that it had no plans for any April Fools' Day stealth mints.
