Bored Ape Yacht Club NFTs are now deeply embedded in crypto culture. As one of the most well-known NFT collections, it has become a popular target for scammers and hackers.
The complexity of exploits and hacks grows in tandem with the growth of the NFT market. This was on full display over the weekend, when a clever plan resulted in the theft of a significant Bored Ape collection.
Bored Ape Blues
Hacking and exploiting Bored Ape owners is nothing new. Over the last year, we’ve seen a wide range of successful BAYC exploit attempts, from Hollywood actor Seth Green to entire Discord exploits.
While not the fault of Yuga Labs, these exploits highlight the importance of wallet security for owners of the popular NFT collection. Furthermore, these types of exploits are not unique to Bored Ape Yacht Club; they are common in all ‘blue chip’ NFT collections.
The most recent example occurred over the weekend and involved incredible levels of social engineering, serving as a stark reminder to the community that being meticulous is no longer enough to protect your assets.
Breaking Down The Breach
In recent days, a sophisticated scheme involving high-level social engineering resulted in the theft of 14 Bored Ape Yacht Club NFTs from a single owner.
This latest theft shows the level of detail and effort that exploiters are willing to go to. In this case, the hacker was able to quickly sell the NFTs for around 850 ETH, or slightly less than $1 million.
In a detailed thread, popular web3 security analyst @Serpent breaks down the story concisely and in great detail.
The hacker pretended to be a casting director at a Los Angeles-based studio looking to license an NFT for a large fee; the studio does exist, but the hacker's alias does not. The theft was caused by fake email domains, hours of phone calls, fake partnership proposals, and other factors.
The plan took at least a few months to develop. This demonstrates that cold storage is the safest option for high-value NFTs and that signing or interacting with contracts can pose a significant risk if not confirmed in advance. As Serpent concluded in his thread, using multiple wallets, verifying identities, and avoiding signing random signatures or transactions are all important guidelines for NFT holders.