Yesterday, Elon Musk tweeted a political cartoon. There was a slew of responses on Twitter. Philip Bump of the Washington Post argues that the caricature is incorrect.
The cartoon’s author had a very different reaction. He’s now offering it for sale as an NFT. Because, well, why not? The current bid is 1.25 Ether, which is a little less than $3,600.
After getting access to the Instagram account belonging to the Bored Ape Yacht Club (BAYC) collection, hackers made off with nearly $3 million worth of some of the world’s most popular nonfungible tokens.
Once inside, the hackers posted a message that contained a link to a cloned version of BAYC’s official website as well as a free crypto token offer. Anyone who attempted to collect the free tokens by authenticating and connecting their digital wallets to the bogus site instead granted the hackers complete access to their NFTs and other crypto assets.
“Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account. We’re still investigating,” Yuga Labs, the company that owns BAYC, said in a statement. According to the firm, the Instagram account was secured with two-factor authentication. A request for comment from Instagram was not returned.
Owners of hacked Bored Apes, Mutant Apes, and Bored Ape Kennel Club NFTs lost a total of four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFTs valued at around $3 million, according to Yuga. According to tracker DappRadar, the average price of a Bored Ape, which is among the most popular and sought-after, is presently more than $430,000.
It’s not the first time hackers have targeted wealthy cryptocurrency investors, nor is it the first time BAYC has been hacked. A phishing assault cost 17 customers of the NFT marketplace OpenSea a large number of tokens earlier this year. Others have been duped by hackers who sold them NFTs that turned out to be unlicensed counterfeits.
Because the BAYC Instagram account employed two-factor authentication, according to Ronghui Gu, CEO of blockchain security firm CertiK, hackers most likely got access to the account by deceiving an administrator through social engineering. This fraud includes gaining someone’s confidence by leveraging personal or professional information, which allows a scammer to extract further data or credentials for a sensitive or valuable account.