Bored Ape NFTs Worth $135K Stolen by Prolific Phishing Thief
Two Bored Ape Yacht Club (BAYC) NFTs have been stolen by a cyber thief known as Fake_Phishing182232.
The NFT bandit, known only by the name of their ethereum wallet, first became active on June 23. In the week since, Fake_Phishing182232 has become notorious for scamming victims out of dozens of NFTs through phishing links.
Stolen BAYC NFTs Sold For 70.44 ETH
On Saturday, the NFT thief pulled off the highest value heist yet with the theft of the Bored Apes #2330 and #8177. The security researcher PeckShield Alert first drew attention to the theft.
Shortly after they were stolen, the NFTs were sold on the Blur marketplace for a combined 70.44 ETH (around $135,500 USD).
Studying Fake_Phishing182232’s transaction history reveals that dozens of other Ethereum wallets have fallen victim to the phishing hack.
NFTs from the Mutant Ape Yacht Club, Bored Ape Kennel Club, and Killabears collections are among the stolen assets. Like the BAYC examples, the most valuable of these were quickly flipped on Blur.
Crypto Phishing Attacks Turn to NFTs
Phishing describes using fake emails, links, and websites to convince victims to hand over their login credentials or sign malicious contracts. In the context of crypto, phishing entails criminals gaining access to users’ wallets by posing as legitimate parties.
For example, one scammer recently stole $15 million worth of crypto by running a clone of the HitBTC exchange. Once they arrived at the fake website, users were asked to connect their wallets, which were then drained of Bitcoin, Ether, USDT, and Shiba Inu.
In fact, there have been several incidents of phishing attacks involving crypto this year.
Hackers compromised Robinhood’s Twitter account in January to promote a fake token. Meanwhile, Metamask reported in February that its users had received phishing emails after its email provider was compromised.
Criminals have also taken advantage of individuals’ online social media profiles to spread phishing links.
Last month, the Twitter account of OpenAI CTO Mira Murati was briefly taken over. While under the control of scammers, the account was used to promote a fake token from the AI firm.
Thankfully, the company appears to have swiftly taken action. But the incident serves as a reminder that social media platforms remain a hotbed of scams. And it underscores the importance of remaining vigilant, even when interacting with reputable accounts.
With NFT collections now reaching millions at auction, it is unsurprising that phishing attacks have turned their attention to digital collectibles.
More than ever, the latest attacks demonstrate the need for best practices regarding wallet security. Regardless of the type of assets being stored, wallet owners should always be on their guard.
