Bored App Yacht Club NFTs have become a staple in crypto culture. As one of the most recognizable collectibles in the NFT landscape, it has also come with a prime target for scammers, hackers, and other unscrupulous players.
As the NFT space grows, so does the sophisticated nature of exploits and hacks. Over the weekend, it was on prime display, as a sophisticated scheme resulted in the theft of the Bored Apes collection.
bored ape blues
Hacking and exploits targeting bored app owners is nothing new. Case Studies Around Archive Periods Over the past year: from Hollywood actor Seth Green to the whole Discord exploit, we’ve seen a whole garden variety of successful BAYC exploit attempts.
While this is no fault of Era Labs, these exploits highlight how important wallet security is to holders of the popular NFT collection. Furthermore, these types of exploits are far from being exclusive to Bored Ape Yacht Club, and are generally present in all major ‘blue chip’ NFT collections.
The latest example of all this came over the weekend, and involved incredible levels of social engineering – leaving the community with a stark reminder that today being meticulous and detail-oriented simply isn’t enough to protect your assets.
Bored Ape Yacht Club has built a massive community and following, including a dedicated token, APE. | Source: APE-USD on TradingView.com
The breach in recent days resulted in 14 Bored Ape Yacht Club NFTs stolen through a sophisticated scheme that involved high-level social engineering from a single owner.
This is the latest level of hack which shows the level of expansion and operation of the exploit in today’s world. In this case, the hacker was able to quickly liquidate the NFTs for around 850 ETH, or just over $1M.
A detailed thread from the popular Web3 security analyst @Snake Breaks down the story concisely and in great detail.
In a social engineering scheme the hacker portrayed himself as a casting director at an LA-based studio seeking to license the NFT for a substantial fee; While the studio exists, the alias used by the hacker does not. However, fake email domains, after-hours calls, fake partnership pitches, and other elements led to the heist.
It was at least months in the planning. This is yet another example that for high-dollar NFTs, cold storage is the safest option – and signing or negotiating contracts can be a huge risk unless confirmed beforehand. As Serpent concluded in his thread, using multiple wallets, verifying identities, and not randomly signing or signing transactions are essential rules for NFT holders.