Hackers robbed the largest NFT collection for over $3 million. How was scam arranged

The virtual tokens Bored Ape Yacht Club cost thousands of dollars and is in the collections of Justin Bieber, Eminem, Madonna and Paris Hilton. “Theft” multiple digital monkeys via Instagram on April 25 at a cost their owners more than $3 million. As criminals haknuly one of the most expensive NFT-collections and do with that stolen primates.

As criminals stole NFT

Hackers gained access to MetaMask, from which users pay for NFT, through phishing link. They published it on the official website Yuga Labs – creators Bored Ape Yacht Club – in Instagram. As criminals have access to the official account, is not known. Yuga Labs says it followed all safety rules, including two-factor authentication is set to Account Manager.

Hackers published in Instagram on behalf Yuga Labs post about «airdrop» – free distribution of tokens. Users who clicked on the link, the criminals offered to sign a contract feykovyy smart for a transaction that enabled steal wallets NFT 32 amount to $3,000,000, of which there are four monkeys from the collection Bored Ape Yacht Club.

What should I know about Bored Ape Yacht Club (BAYC)

This collection of digital assets based on Ethereum.

A total of 10 000 unique collection of monkeys, which generated algorithms. This is one of the most popular collections in OpenSea.

Sales BAYC as of January of this year – more than $1 billion. The American presenter Jimmy Fallon paid for a token $224,000, rapper Eminem – $452,000, musician Justin Bieber – $1.3 million.

Founders BAYC – friends under pseudonyms Gargamel, Gordon Goner, Emperor Tomato Ketchup and No Sass.

Why Instagram chose to search for victims? Because NFT often stored in kryptohamantsyah smartphone. In addition, the program displays MetaMask NFT only on mobile devices and encourages users to manage tokens app on your phone, rather than expanding in the browser. Thus through a link Instagram hackers could gain access to the mobile wallet users.

What to do with stolen NFT

Purchase NFT equate to buying art, and sell the stolen picture – not easy, especially if it is known. Market places like OpenSea follow this and try to stop the sale of NFT.

Cybercriminals, however, have learned to circumvent these restrictions and continue to sell stolen or counterfeit tokens.

In January 2022 the first hackers earned $1.3 million at the NFT collection The Big Daddy Ape Club, which is based on blokcheyni Solana. Buyers confused it with The Bored Ape Yacht Club. But in early April, the owner of the virtual monkeys under the name «s27» NFT lost in excess of $500,000 when fraudsters convince exchange them for forgery.