Yesterday’s Bored Ape Yacht Club NFT collection hack looks like mere tech criminality on the outset but may as well be politically motivated. This is according to Cooper Kunz – the Chief Technological Officer at social marketplace firm Calaxy – who has opined that the hacking incidence may have other sinister motives beyond financial because it is currently hard to launder an NFT already listed on public marketplaces like OpenSea.
“For a hacker in possession of an NFT now blacklisted on from OpenSea, their intention could not be financial. Instead, the attack may resonate with a political message. It appears that a reputation of naivety is being built around the Bored Ape community.”
“The impression is that they are not knowledgeable or well-equipped, and are being trolled as such.”
He said this narrative needs to be resolved from within the Bored Ape community before it solidifies.
Bored Ape Yacht Club (BAYC) NFT collection was compromised after hackers uploaded a fake advertisement on the collection’s Instagram account. Through the ad, they wooed followers into clicking a link to purportedly mint land or additional features to their NFTs for the upcoming ‘Otherside’ Metaverse, which is expected to be launched this week.
Unsuspecting users clicked on the link within the ad and this way gave hackers access to their crypto wallets, thus facilitating the hack. Users were asked to connect their MetaMask wallets to be able to mint land in this fake airdrop. They thus erroneously and without knowing, transferred their assets to a scammer wallet owned by the hackers. No legit minting was ongoing as per the ad. The BAYC Discord server was also affected. BAYC then later announced on Twitter that no such minting was ongoing.
At the end of the day, the hackers stole NFTs worth at least $13 million from the users. More than 24 Bored Apes and 30 Mutant Apes were stolen and resold cheaper. Other reports said some 77 additional NFTs were stolen during the heist. BAYC said it will follow up on the matter to unravel the individuals behind the heist.
Following this happening, NFT owners and customers need to take serious NFT security precautionary measures, said Kunz, including not trusting one-off promotional activities and making sure they connect to a secure website by typing the URL directly on the browser.
“Now that this hack has already taken place, it will be interesting to see the course of direction from Yuga Labs – will it replace the lost NFTs with its sizeable treasury?” he wondered.
Most of the stolen funds or $2.4 million came from just a few rare NFTs, said on-chain investigator Zachxbt, adding that most of the NFTs were sold for a value of $2.25 million and transferred through Binance and Kucoin exchanges. He has also exposed, through his Twitter account, some people and groups believed to be involved in the hack.