Bored Ape Yacht Club (BAYC), the purveyors of expensive template-based ape non-fungible tokens, announced on Monday that its Instagram account had been taken over and used to siphon off cryptoassets.
“The hacker posted a fraudulent link to a copycat of the Bored Ape Yacht Club website, where a safeTransferFrom attack asked users to connect their MetaMask to the scammer’s wallet in order to participate in a fake airdrop,” BAYC creators Yuga Labs said in a statement.
“Rough estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC, as well as assorted other NFTs estimated at a total value of ~$3m. We are actively working to establish contact with affected users.”
On Twitter, it said once the attack was discovered, links to the Instagram account were removed before it regained control of the account. BAYC said it was looking into how the attack occurred and would be posting a full post mortem.
“At the time of the hack, two-factor authentication was enabled and security surrounding the IG account followed best practices,” it said, before contradicting its statement on reaching out to affected users.
“If you were affected by the hack or have information that might be helpful, reach out to email@example.com. You need to contact us first — anybody contacting you first is not us. We will NOT reach out to anyone over email first, and we will NEVER ask for your seed phrase.”
BAYC added it would only be announcing mint events on Twitter and its announcement Discord channel.
Yuga Labs has also recently acquired CryptoPunks and Meebits from Larva Labs.