Bored Ape Yacht Club (BAYC) was hacked for the third time this year on June 4th, leading to the loss of about $250,000 worth of NFTs. The sad event prompted CertiK to give a few security tips.
Hackers obtained access to a BAYC community manager’s Discord account and posted a message with a link to a bogus website, stealing NFTs worth about 142 Ether ($250,000).
Users were offered a limited-time free NFT gift; those who connected their wallets had them emptied of NFTs. Hackers had broken into BAYC’s Discord and Instagram pages on two previous occasions in April, stealing 91 NFTs valued at over $1.3 million on the second try, using a phishing link.
According to blockchain security firm CertiK, hackers moved stolen funds to obfuscation platform Tornado Cash, making any subsequent flow of funds on the blockchain hard to track.
According to officials at CertiK, “NFT holders should also be particularly wary of anyone purporting to deliver free assets, as these can often be phishing scams,” regardless of how credible the project appears. Furthermore, CertiK wrote:
“In the case of the June 4th attack, the malicious carbon-copy site had some small differences. Firstly, there were no links to social media sites on the phishing site. There was also an added tab titled “claim free land” and specifically targeted popular NFT projects.”
CertiK advised crypto aficionados to look for small anomalies on such sites as a preventative measure, as they are typically an indicator of criminal activity.
“At the very least, users participating in such giveaways should always check the integrity of the site by comparing it to a known and verified site and looking for any inconsistencies,” they concluded.
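The comparison CertiK describes can be automated as a first-pass check. The following is an added example, not code from CertiK or from the original article: it diffs a suspect page against a known-good copy and reports missing social media links and added navigation tabs. The sample HTML is constructed, and the `SOCIAL_HOSTS` list and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages (not the real site or the phishing site).
KNOWN_GOOD = """<nav><a href="/">Home</a><a href="/gallery">Gallery</a>
<a href="/roadmap">Roadmap</a></nav>
<footer><a href="https://twitter.com/example">Twitter</a>
<a href="https://discord.gg/example">Discord</a>
<a href="https://www.instagram.com/example">Instagram</a></footer>"""
SUSPECT = """<nav><a href="/">Home</a><a href="/gallery">Gallery</a>
<a href="/roadmap">Roadmap</a><a href="/claim">Claim Free Land</a></nav>
<footer></footer>"""

SOCIAL_HOSTS = {"twitter.com", "discord.gg", "instagram.com"}  # assumed list

class PageProfile(HTMLParser):
    """Collects navigation tab labels and the hosts of absolute links."""
    def __init__(self):
        super().__init__()
        self.in_nav = self.in_nav_link = False
        self.tabs, self.hosts = set(), set()

    def handle_starttag(self, tag, attrs):
        if tag == "nav":
            self.in_nav = True
        elif tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:  # relative links have no host and are skipped
                host = host.lower()
                self.hosts.add(host[4:] if host.startswith("www.") else host)
            self.in_nav_link = self.in_nav

    def handle_endtag(self, tag):
        if tag == "nav":
            self.in_nav = False
        elif tag == "a":
            self.in_nav_link = False

    def handle_data(self, data):
        if self.in_nav_link and data.strip():
            self.tabs.add(data.strip().lower())

def compare(known_html, suspect_html):
    """Return the inconsistencies between a verified page and a suspect one."""
    good, sus = PageProfile(), PageProfile()
    good.feed(known_html)
    sus.feed(suspect_html)
    return {"missing_social": sorted((good.hosts & SOCIAL_HOSTS) - sus.hosts),
            "added_tabs": sorted(sus.tabs - good.tabs),
            "removed_tabs": sorted(good.tabs - sus.tabs)}
```

An empty result only means these two signals did not fire; a clone that copies every link and tab would pass, so the domain itself still has to be verified.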