The Bored Ape Yacht Club NFT has become a staple of crypto culture. As one of the world’s most famous collections of NFTs, it is also a prime target for scammers, hackers, and other unsavory players.
As the realm of NFTs expands, so does the sophistication of exploits and hacks. Over the weekend, this was on full display as sophisticated planning led to a massive theft of Bored Apes.
Bored Ape Blues
Hacks and exploits targeting Bored Ape owners are nothing new. Case studies from the collection's past year range from Hollywood actor Seth Green to the Overall Mismatch exploit. We've seen a whole garden of successful BAYC exploit attempts.
Through no fault of Yuga Labs, these exploits continue to reveal just how important wallet security is to owners of popular NFT collections. Additionally, these types of exploits are not exclusive to the Bored Ape Yacht Club and are typically present in all major “good” NFT collections.
The latest example of all this happened over the weekend and involved an incredible level of social engineering. Today, we provide a stark reminder to our community that meticulous care and attention to detail are not enough to protect assets.
Bored Ape Yacht Club has built a massive community and following, including a dedicated token, APE. | Source: APE-USD on TradingView.com
Breaking Down the Breach
In a recent breach, 14 Bored Ape Yacht Club NFTs were stolen from one owner through a sophisticated scheme involving a high level of social engineering.
This is state-of-the-art hacking and demonstrates the level of detail and work that abusers are willing to put in today. In this case, the hacker was able to quickly liquidate the NFTs for around 850 ETH, or just over $1 million.
A detailed thread from popular web3 security analyst @snake breaks the story down briefly and in detail.
In a social engineering scheme, hackers pose as casting directors for an LA-based studio and pay hefty fees to license NFTs. The studio exists, but the alias used by the hackers does not. However, fake emails from his domain, hours of phone calls, bogus partnership pitches, and other factors led to this robbery.
This plan was developed over the course of at least several months. It is another example of how cold storage is the safest option for high-value NFTs. Signing and interacting with contracts can be quite risky unless you do your due diligence beforehand. As Serpent concluded in his thread, using multiple wallets, verifying identities, and not signing random signatures or transactions are important rules of thumb for NFT holders.