NFT Bored Ape marketplace gets hacked, people lose 'millions' in ape pictures

Some shitty apes.
(Image credit: Bored Ape Yacht Club)

Bored Ape Yacht Club, the best-known collection of NFT "art" and the impetus for the most painful segment in recent late night TV history, was hacked on Monday. Owning a Bored Ape up to this point has required forking out a ludicrous amount of cash for what I have to say are some of the least charming pieces of art I've ever seen. Nevertheless some folk believe that these apes are not, in fact, the 21st century equivalent of tulips: no, these apes will only ever become more valuable, presumably if the human race loses all aesthetic sense and its eyes collectively atrophy.

Sorry, where was I: the Bored Ape Yacht Club's Instagram page and Discord were hacked, and the culprits sent out messages on both about a new mint of NFTs and what's called a "land sale" (it does not involve land) to pilfer ape holders' wallets.

There was no new mint, as the Bored Ape Yacht Club warned on its other social media account. Many customers were suckered by the official-seeming messages, however, and clicked on a link connecting their wallet, which then transferred its ape-y contents to the hackers. This is like the 'double your money' scam in every MMO ever, except it's somehow even dumber.

Based on the replies above, many Bored Ape fans seem to have had their crypto-wallets cleaned out by the hackers. What will happen next is anyone's guess: the hackers may well disappear into the internet night, while the good old Bored Yacht Club offered the following explanation:

"This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a 'safeTransferFrom' transaction. This transferred their assets to the scammer's wallet."

Estimates of the cost of the hack vary, but it seems reasonable to say that the hackers in question have got away with assets that have a theoretical value in the low millions (here is the hacker's wallet, ferreted-out by crypto-sleuther Zackxbt).

"Two-factor authentication was enabled and the security practices surrounding the IG account were tight," Bored Ape Yacht Club's Yuga Labs wrote in a statement to Motherboard. "Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account. We’re still investigating. Rough estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC, as well as assorted other NFTs estimated at a total value of ~$3m. We are actively working to establish contact with affected users."

TOPICS
Rich Stanton

Rich is a games journalist with 15 years' experience, beginning his career on Edge magazine before working for a wide range of outlets, including Ars Technica, Eurogamer, GamesRadar+, Gamespot, the Guardian, IGN, the New Statesman, Polygon, and Vice. He was the editor of Kotaku UK, the UK arm of Kotaku, for three years before joining PC Gamer. He is the author of a Brief History of Video Games, a full history of the medium, which the Midwest Book Review described as "[a] must-read for serious minded game historians and curious video game connoisseurs alike."