Last week, a hacker managed to steal around 54 high-value NFTs from Bored Apes Yacht Club after breaking into the official Instagram site and Discord server. As one of the industry’s most prolific and successful blue-chip NFT collections, BAYC is a massive target- making the hit even more troubling.
Information is coming through slowly about the specifics of the hack: here is all we know up until now.
About the Hack
Yuga Labs- the owners of Bored Apes- officially recognized the attack on Monday 25th of April. Although most details have been kept under wraps, we do know that at least 54 of the iconic blue-chip NFTs were stolen, with a reported floor value of around $13.7 million.
We also know how the hacker gained access. A copycat link to the official Bored Apes Yacht Club was fraudulently posted. Users were later asked to connect their MetaMasks to participate in an airdrop- straight into the hacker’s digital wallet.
Those who fell victim to the scam had their wallets cleared of NFTs, transferring them all to the thief through the fraudulent airdrop. Steps are now being taken to catch and contact the hacker to reach a settlement.
The Stolen NFTs
As just about anyone involved in NFTs knows, Bored Apes Yacht Club is one of the biggest names in non-fungible collecting. It also happens to be the name of choice for many big-name celebrities, including Justin Bieber, Tom Brady, Kevin Hart, and even Madonna.
The 10,000-strong collection is a powerhouse for mega investors, attracting seriously impressive bids. Many of these NFTs sell for millions of dollars without breaking a sweat.
By hacking the Discord server and pulling off a successful phishing attack on a brand this powerful, the hacker has stirred up a lot of concern about the safety of NFT investing in general.
Again, the exact number of BAYC NFTs lost in the attack is as of yet unknown, but the number of confirmed thefts currently sits (at the time of writing) at 54. Although the value of the losses is reported as $13.7 million, this is a floor-price estimate and could be well below the actual damage.
Recent Similar Attacks
Sadly, this is not an isolated event within the crypto industry. Just last month, a blockchain developed by Sky Mavis- Axie Infinity Ronin- lost $625 million after being exploited by hackers. Last year, Beanstalk Farms had around $182 million stolen.
Although this is arguably the largest NFT theft, so far, it is also not the first. Opensea users also fell victim to a scam at the beginning of this year when hundreds of NFTs disappeared from wallets due to a loophole in the system.
As hackers get stronger, the only move is to find a way to enhance security, better protect investors, and push for harsher punishments for those who steal crypto assets.
What Steps Are Being Taken?
Yuga Labs is reportedly reaching out to the hackers to agree to a settlement. The site immediately removed all links and alerted users of the attack to limit the effects and locate the malicious account.
Unfortunately, there is currently very little punishment for crimes affecting cryptocurrency and NFTs because of a lack of understanding of the industry. This is beginning to change, with more countries looking to make it a criminal offense.
The United Arab Emirates was one of the first countries to impose laws, which came into effect earlier this year. Crypto hackers and scammers are now subject to up to five years in prison.
Sadly, the US is yet to pass such a law, although new rule propositions were made in New York last week. Senator Kevin Thomas suggested a move to add these types of scams and hacks to the list of criminal offenses, therefore making them punishable by law.
According to Chainalysis, roughly $7.7 billion worth of crypto assets has been stolen by hackers and scammers in the last few years. Hopefully, this latest attack on such a prolific brand is the difference-maker pushing the government to take action to protect investors and their assets.