wp-plugin-hostgator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114ol-scrapes domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114Source: https:\/\/www.theverge.com\/2022\/4\/25\/23041415\/bored-ape-yacht-club-nft-hack-instagram<\/a> A hacker has stolen NFTs worth millions of dollars after compromising the official Instagram account for Bored Ape Yacht Club (BAYC) and using it to post a phishing link that transferred tokens out of users\u2019 crypto wallets.<\/p>\n The hack was disclosed on Twitter by BAYC<\/a> just before 10AM ET on Monday morning. \u201cThere is no mint going on today,\u201d the Tweet read. \u201cIt looks like BAYC Instagram was hacked.\u201d<\/p>\n There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.<\/p>\n \u2014 Bored Ape Yacht Club (@BoredApeYC) April 25, 2022<\/a>\n<\/p><\/blockquote>\n<\/div>\n Another tweet<\/a> from a user unaffiliated with the project claimed to show the image that had been posted from the BAYC account, promoting an \u201cairdrop\u201d \u2014 essentially a free token giveaway \u2014 for any users who connected their MetaMask wallets.<\/p>\n Unfortunately, BAYC\u2019s warning came too late for a number of holders of the extremely expensive Bored Ape NFTs, along with many other valuable NFTs stolen in the hack. A screenshot<\/a> posted by one Twitter user showed an OpenSea page for the hacker\u2019s account receiving more than a dozen NFTs from the Bored Ape, Mutant Ape, and Bored Ape Kennel Club projects \u2014 all presumably taken from users who connected their wallets after clicking on the phishing link.<\/p>\n The profile page tied to the hacker\u2019s wallet address was no longer visible on OpenSea at time of publication. OpenSea head of communications Allie Mack confirmed to The Verge<\/em> that the hacker\u2019s account had been banned on the platform, as OpenSea\u2019s terms of service prohibited fraudulently obtaining items or otherwise taking them without authorization.<\/p>\n But given the decentralized nature of NFT, the contents of the hacker\u2019s wallet can still be viewed on other platforms. Seen through NFT platform Rarible<\/a>, the wallet contained 134 NFTs, among them four Bored Apes and many others items from projects made by Yuga Labs \u2014 the creators of BAYC \u2014 such as Mutant Apes and Bored Ape Kennel Club.<\/p>\n Independently, each of the stolen Apes is worth well into six figures based on the most recent sale price. The lowest priced Ape, #7203<\/a>, last sold four months ago for 47.9 ETH \u2014 equivalent to $138,000 at current exchange price. Ape #6778<\/a> was last sold for 88.88 ETH ($256,200), while Ape #6178<\/a> sold for 90 ETH or $259,400. And Bored Ape #6623<\/a> was the most valuable of all, sold three months ago for 123 ETH ($354,500) \u2014 meaning that collectively the total value of the four stolen Apes is just over $1 million.<\/p>\n It is not known yet how the hacker was able to compromise the project\u2019s Instagram account. In a statement sent to The Verge<\/em> by email and also posted on Twitter, Yuga Labs said<\/a> that two-factor authentication was enabled at the time of the attack and that the security of the Instagram account followed best practices. Yuga Labs also said that the team was actively working to establish contact with affected users.<\/p>\n Though NFTs can be bought and sold for huge sums of money, they are often held in smartphone wallets rather than more secure environments because the popular decentralized crypto wallet application MetaMask only supports NFT display on mobile<\/a>. It also encourages users to manage NFTs through the smartphone app rather than the browser-based extension. This means that the use of Instagram to deliver a phishing link is an effective way to steal NFTs, as the phishing link is more likely to be interacted with from a mobile wallet.<\/p>\n While security advice in the crypto space suggests NFT holders never connect their wallet to an unknown or untrusted third party, the fact that the phishing link was sent through the official BAYC social media account likely convinced the victims that it was legitimate, raising difficult questions about where exactly the fault lies.<\/p>\n
\n
<\/br><\/code><\/p>\n\n