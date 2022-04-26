The NFT (Non Fungible Tokens) are one of the technological topics that we talk about the most in recent months: we can consider them, simplifying the concept a little, as a digital certificate attesting the ownership of a given good or service – in this case we are talking about a digital asset – through the use of blockchain technology.





Among the most successful NFTs are the Bored Apes – a series of cartoon-style depictions of monkeys -, created within the Bored Ape Yacht Club project by Yuga Labs and become, over time, real cult objects with buyers of the caliber of Madonna, Justin Bieber or Eminem. And the Bored Ape Yatch Club was the involuntary intermediary of a million euro scam.





In fact, yesterday some bad guys took possession of the official Instagram page of the Bored Ape Yatch Club project, announcing a fake NFT “airdrop”, i.e. an imminent release of new purchasable NFTs. Attached to the Instagram post was a malicious link, which led to a page similar in all respects to that of access to MetaMask, a Wallet where users can keep their NFTs and cryptocurrencies.





The victims of the scam, in an attempt to access their Wallet to participate in the fake drop, have in practice handed the access data to their virtual wallet to the attackers. In essence, this is a classic example of a scam, that is, the theft of sensitive computer data through social engineering methods.

A technique as old as the world, applied in this case to one of the most modern technologies on the web. Bored Ape Yatch Club did not share details on how the hackers obtained momentary possession of the project’s Instagram account, limiting themselves to defining the page’s security measures as “rigorous” and confirming the use of two-factor authentication.

The Instagram post with which the hackers announced the fake AirDrop

Over three million dollars in damages. At the beginning of the month, the Discord page was hit in the same way

What is striking about this scam is the extent of the damage: before Bored Ape Yatch Club managed to regain control of its Instagram page and delete the post, a large number of users had already been duped. The first estimates speak of damages of over 3 million dollars, with the passage of at least 134 NFTs from the virtual wallets of the victims to that of the criminals.





Bored Ape Yatch Club is not new to hacking episodes: before the Instagram page, in fact, hackers had managed to take over the Discord page a few weeks ago. The script is identical, with a false drop accompanied by malicious links and users who had lost possession of their digital assets. Compared to the story involving the Instagram page, however, the lower numbers of subscribers to the Discord page had contributed to making the violation less serious.