"Crazy to think that even the best security practices from a user side isn't enough sometimes."
Hackers took control of the Instagram and Discord accounts of Bored Ape Yacht Club, currently the second most valuable NFT collection by trading volume, and got away with more than ten million dollars' worth of NFTs — yet another instance of blockchain collectors losing their at times extremely valuable assets to hackers and scams.
At least 24 Bored Apes and 30 Mutant Apes have been stolen and transferred to new crypto wallets, CoinDesk reports, totaling $13.7 million.
"The hacker posted a fraudulent link to a copycat of the Bored Ape Yacht Club website," the company tweeted. "Immediately upon discovering the hack, we alerted our community, removed links to the compromised IG account from our platforms and attempted to recover the account."
The total losses of the hack remain somewhat hazy. The company itself says it lost only around $3 million worth of Apes to the hackers, according to a statement received by CoinDesk.
The exploit was discovered Monday morning.
"There is no mint going on today," the official BAYC Twitter account tweeted this morning. "It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything."
Judging by replies on Twitter, the hack has clearly affected a large number of users.
"Crazy to think that even the best security practices from a user side isn't enough sometimes," the founder of crypto security firm Sentinel tweeted. "Insider employees and social engineering everywhere."
Collectors don't have much recourse, as the entire NFT market operates in a regulatory vacuum. In other words: buyers beware.
READ MORE: Thief steals $1 million of Bored Ape Yacht Club NFTs with Instagram hack [The Verge]