In 2021, non-fungible-tokens (NFTs) became a cultural phenomenon, and with it rose a new NFT collection—Bored ape Yacht Club. Ape avatars wearing hats, sunglasses and chains became the face of not only NFTs but somehow seeped into the broader mania around cryptocurrency. BAYC NFTs are a popular collection of 10,000 unique bored apes created by Yuga Labs. This collection has seen billions of dollars in sales to date, as per dappradar.com metrics.
Celebrities were quick to join the ape ‘frenzy’. Jimmy Fallon and Paris Hilton showed off their ape avatars on national TV. Eminem was quick to buy rapper ape avatar NFT. Shaq made his ape his Twitter profile picture. Pop stars like Ozzy, and Justin Bieber also bought ape NFTs.
Then came the hacks. Here we list all the times when BAYC NFTs were claimed to be stolen or ‘hacked’.
In January 2022, NFT collector Todd Kramer based out of New York said that his collection of sixteen BAYC NFTs worth $2.28 million (Rs 16.94 crore approx.) was “hacked.” The owner of the NFTs Todd Kramer said that NFT marketplace OpenSea had “frozen” the assets for him including one Clonex, seven Mutant Ape Yacht Club, and eight BAYC NFTs currently valued at around 615 Ether.
Kramer on Twitter said that the incident was “arguably the worst night” of his life. Narrating his ordeal he tweeted that he had clicked on a link that appeared to be a genuine NFT DApp (decentralised application). But it turned out to be a phishing attack leading to 16 of his NFTs being stolen. “I been hacked,” he wrote. “All my apes gone.”
A bored ape holder that goes by the name ‘s27’ lost bubble gum ape and matching mutants worth $567k after swapping their NFTs at a fake exchange named “Swap. Kiwi”. This platform allows for direct NFT swaps between collectors, at reduced transaction fees. ‘s27’ transferred this ape from his vault to another wallet, just to lose it shortly thereafter.
A Twitter account that goes by the name ‘quit’, which tracks all popular NFT ape avatars said that his Discord server is configured to track BAYC listings that are at least 5 per cent below their floor price in Ether. “The pings are rare, but when they happen it generally means one of two things: somebody is panic selling, or somebody is compromised. When I saw the notification for #1584, I instantly knew it was the latter,” said the user.
In April 2022, BAYC said that its instant messaging platform Discord was hacked and “briefly compromised,” telling users not to mint — the process of taking a digital asset and converting it to a digital file stored on a blockchain — any Apes on its platform.
“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now,” BAYC said in a tweet.
This was the second time when Discord servers were hacked. On March 17, a hacker gained illegal access to Rare Bears Discord moderator Zhodan’s account. The hacker immediately posted an announcement within the group informing that a new mint of NFT’s was taking place, followed by a phishing link. As soon as users clicked on the link, their NFTs were stolen.
The attacker then banned other admins of the group, removing their ability to post anything on the Discord server. In a post, the NFT company said the hackers invited a fake “Collab. land” bot to automatically lock all channels servers so no one could communicate that the posts in announcements were fake. “Our team are working on a solution as we speak for those affected and will announce as soon as we can,” the company said in a tweet.
An NFT trader named Jeff Nicholas, who was seeking technical support entered a Discord channel run by hackers impersonating the identities of OpenSea staffers. Nicholas was asked to share his screen—and once he did, all of his cryptos were stolen from his wallet. According to The Verge, six figures’ worth of tokens out of the wallet including his apes were gone.
The Instagram account belonging to the BAYC NFT collection was hacked. A phishing link was sent out to users and designed to steal NFTs. According to Gizmodo, three million dollars worth of crypto was stolen from the victims.
“Rough estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC [Bored Ape Kennel Club], as well as assorted other NFTs estimated at a total value of $3m,” a BAYC spokesperson told Gizmodo.
What have we learned?
If you ever decide to trade BAYC NFTs. It is important to understand that you are the target of all the cybercriminals who might find out new ways to lure you in and steal away your NFTs. Make sure you cross-check every information posted by BAYC on their social media handles.
Be it their Twitter, Instagram or Discord—all of them have been hacked, and once your NFTs are stolen, there is no way to recover it back. Better to be sceptical than to lose all your NFTs.