
A common use case for the blockchain is reducing fraud. Shouldn’t that mean it’s impervious to hackers? Not necessarily. Here’s how a hacker was able to amass more than $1 million in stolen Bored Ape Yacht Club NFTs.
Those of us who have received a nefarious link in our emails or on social media that encourages us to input private information are already familiar with the logistics of phishing. A hacker sends us a link, usually under the guise of a brand or person we recognize, and asks for personal details like usernames, passwords, or bank details that help them assume our identity or take our assets.
It’s precisely what happened in the case of the Bored Ape Yacht Club hack, which was announced on Twitter Monday morning.
this is what the link showed for those wondering pic.twitter.com/noG3TCniXQ
— jatuur (@jatuur) April 25, 2022
A hacker was able to take control of the official Bored Ape Yacht Club Instagram profile and sent a message to followers claiming to offer an “airdrop,” a term used to describe a free token giveaway. (Note: it’s not clear at this time how the hacker was able to log in to the official Instagram account in the first place.)
Users were asked to link their wallet to benefit from the airdrop, which made their mobile wallet susceptible to the hacker and resulted in the transfer of multiple NFTs, presumably including four Bored Apes and a number of other NFTs minted by the Bored Apes creators, Yuga Labs.
The hack illuminates a glaring problem in the NFT market. Namely, MetaMask, the popular wallet application, only supports NFT display on mobile, which is less user-friendly than the platform’s browser extension, leading to mistaken transaction approvals.
What’s the solution for NFT holders? “MetaMask with Ledger,” according to Adryenn Ashley. “NFT holders need a wallet that gives them the ease of MetaMask with the security of hardware.”
The hack is a reminder that even though the blockchain has the potential to overcome fraud, users still need to be mindful of third-party applications that manage their data.