Categories
Security

Thief steals $1 million of Bored Ape Yacht Club NFTs with Instagram hack

A hacker has stolen NFTs worth millions of dollars after compromising the official Instagram account for Bored Ape Yacht Club (BAYC) and using it to post a phishing link that transferred tokens out of users’ crypto wallets.

The hack was disclosed on Twitter by BAYC just before 10AM ET on Monday morning. “There is no mint going on today,” the Tweet read. “It looks like BAYC Instagram was hacked.”

Another tweet from a user unaffiliated with the project claimed to show the image that had been posted from the BAYC account, promoting an “airdrop” — essentially a free token giveaway — for any users who connected their MetaMask wallets.

Unfortunately, BAYC’s warning came too late for a number of holders of the extremely expensive Bored Ape NFTs, along with many other valuable NFTs stolen in the hack. A screenshot posted by one Twitter user showed an OpenSea page for the hacker’s account receiving more than a dozen NFTs from the Bored Ape, Mutant Ape, and Bored Ape Kennel Club projects — all presumably taken from users who connected their wallets after clicking on the phishing link.

The profile page tied to the hacker’s wallet address was no longer visible on OpenSea at time of publication. OpenSea head of communications Allie Mack confirmed to The Verge that the hacker’s account had been banned on the platform, as OpenSea’s terms of service prohibited fraudulently obtaining items or otherwise taking them without authorization.

But given the decentralized nature of NFT, the contents of the hacker’s wallet can still be viewed on other platforms. Seen through NFT platform Rarible, the wallet contained 134 NFTs, among them four Bored Apes and many others items from projects made by Yuga Labs — the creators of BAYC — such as Mutant Apes and Bored Ape Kennel Club.

Independently, each of the stolen Apes is worth well into six figures based on the most recent sale price. The lowest priced Ape, #7203, last sold four months ago for 47.9 ETH — equivalent to $138,000 at current exchange price. Ape #6778 was last sold for 88.88 ETH ($256,200), while Ape #6178 sold for 90 ETH or $259,400. And Bored Ape #6623 was the most valuable of all, sold three months ago for 123 ETH ($354,500) — meaning that collectively the total value of the four stolen Apes is just over $1 million.

It is not known yet how the hacker was able to compromise the project’s Instagram account. In a statement sent to The Verge by email and also posted on Twitter, Yuga Labs said that two-factor authentication was enabled at the time of the attack and that the security of the Instagram account followed best practices. Yuga Labs also said that the team was actively working to establish contact with affected users.

Though NFTs can be bought and sold for huge sums of money, they are often held in smartphone wallets rather than more secure environments because the popular decentralized crypto wallet application MetaMask only supports NFT display on mobile. It also encourages users to manage NFTs through the smartphone app rather than the browser-based extension. This means that the use of Instagram to deliver a phishing link is an effective way to steal NFTs, as the phishing link is more likely to be interacted with from a mobile wallet.

While security advice in the crypto space suggests NFT holders never connect their wallet to an unknown or untrusted third party, the fact that the phishing link was sent through the official BAYC social media account likely convinced the victims that it was legitimate, raising difficult questions about where exactly the fault lies.

Yuga Labs did not respond to an email from The Verge asking whether victims of the hack would be compensated by the project for their losses.



Repost: Original Source and Author Link

Categories
Computing

A Thief Stole $7,000 Worth of GPUs From an Internet Café

Graphics cards look like the next hot ticket item for thieves. A XChinese news outlet reports that a group of bandits stole nearly $8,000 worth of graphics cards from an Internet café in Hangzhou — the capitol of China’s Zhejiang province — and police have yet to identify them.

The story comes only a few short months after a group of smugglers tried bringing 300 GPUs across the Pacific. The business owner didn’t identify which cards were stolen, though they said each one was worth about 7,000 yuan ($1,094). In total, the shop owner said he lost 50,000 yuan ($7,812). Given how high GPU prices are right now, there’s no way of telling what cards were stolen based on the price.

One of the thieves contacted the owner about renting the café. They used a fake ID and wore a mask when meeting with the owner, citing pandemic restrictions. Once inside, the thief asked the owner to get them a garbage bag so they could have the café to themselves. With a moment alone, they were able to ascond with seven graphics cards and motherboards.

The thief told the shop owner a friend was coming into the café, but it’s not clear if the heist was actually a group effort or not. Police haven’t identified the thief and haven’t made any arrests.

Stolen graphics cards may be the new normal given the state of the GPU market. Huge demand spurred by the pandemic and compounded by cryptocurrency miners has driven up the prices of graphics cards to places they’ve never been before. In mid-2021, it’s not uncommon to spend over $1,000 for a midrange GPU. At the high end, you can expect to pay over $2,000.

And there’s no shortage of people looking to capitalize on demand. Market analysis from earlier this year said scalpers brought in $61.5 million in sales in 2020 — or $15.2 million in profit. Buyers are willing to pay up for the latest graphics cards not just for gaming, but because of the value of various cryptocurrencies at the moment. Nvidia alone said it brings in more than $400 million from cryptocurrency miners each year.

This demand has pushed many chip suppliers to try and release more supply into the market. As some analysts have noted, though, the devaluing of cryptocurrency and a drop-off in demand could cause problems for this coveted hardware.

Editors’ Choice




Repost: Original Source and Author Link