CertiK shares security tips following third BAYC security compromise in six months

Published at: June 6, 2022

On June 4, the popular nonfungible token, or NFT, project Bored Ape Yacht Club (BAYC) suffered its third security compromise this year. Nearly 142 Ether (ETH) ($250,000) worth of NFTs was stolen after hackers gained access to the Discord account of a BAYC community manager and posted a message with a link to a fake website.

The link advertised a limited-time free-NFT giveaway to users who connected their wallets, which were then drained of NFTs. During two prior occasions in April, hackers breached BAYC's Discord and Instagram pages and managed to siphon 91 NFTs, worth over $1.3 million at the time of the second attempt, via a phishing link. 

As told by blockchain security firm CertiK, hackers quickly moved stolen funds to obfuscation platform Tornado Cash, making it impossible to trace any further flow of funds on the blockchain. In a statement to Cointelegraph, sources at CertiK explained that however legitimate the project may seem, "NFT holders should also be highly suspicious of anyone claiming to offer free assets, as these can often be phishing attacks." In addition, CertiK wrote:

"In the case of the June 4th attack, the malicious carbon-copy site had some small differences. Firstly, there were no links to social media sites on the phishing site. There was also an added tab titled "claim free land" and specifically targeted popular NFT projects."

As a precautionary measure, Certik recommended crypto enthusiasts look for subtle peculiarities on such sites, as they are frequently an indicator of malicious activity. "At the very least, users engaging with such giveaways should always make an effort to confirm the legitimacy of the site by comparing it with a known and confirmed site and looking for any discrepancies," they concluded.

Tags
Nft
Related Posts
Pioneering hardware wallet brings enhanced staking to cold storage
Twelve months ago, the total value of cryptocurrency locked in staking programs was barely more than $1 billion. Today, there is $58 billion locked in decentralized finance, or DeFi. The adoption of DeFi has been a sea change that’s helped push the crypto industry into the mainstream, but it’s hardly the only one. Mainstream institutions including MicroStrategy and Tesla have poured billions of dollars into Bitcoin — and some have been buying the dip — while nonfungible tokens have evolved from CryptoKitties and CypherPunks to an artistic medium pulling in millions in bids for a new generation of digital artists …
Technology / June 8, 2021
$1 million rock NFT sells for a penny in all ore nothing error
It's a hard rock life for one crypto user. A clumsy keystroke and the actions of a sniper bot caused a million-dollar mistake on March 10. A rock valued at 444 ether (ETH), or $1.2 million, sold for 444 Wei ($0.0012) to a bot as the seller, DinoDealer confused WEI and ETH. In a tweet, the seller said “in one click my entire net worth of ~$1 million dollars, gone.” How's your week? Mine? I just erroneously listed @etherrock #44 for 444 wei instead of 444 eth‍♂️ Bot sniped it in the same block and trying to flip for 234 …
Blockchain / March 18, 2022
BNB Chain launches a new community-run security mechanism to protect users
BNB Chain, the native blockchain of Binance, has launched AvengerDAO, a new community-driven security initiative to help users against scams, malicious actors and possible exploits. The security-centric decentralized autonomous organization (DAO) has been developed in association with leading security firms and popular crypto projects such as Certik, TrustWallet, PancakeSwap and Opera, to name a few. The AvengerDAO security initiative mainly consists of three major components, namely a passive API system called Meter, a subscription-based alert system called Watch, and a programmable fund management system called Vault. When a user on the BNB Chain interacts with any applications or counterparties, the …
Blockchain / Sept. 20, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Top 7 blockchain courses and certifications for beginners
Blockchain courses and certifications can play an important role in helping individuals gain a comprehensive understanding of blockchain technology and its applications. By completing these courses, individuals can develop technical skills, stay current with industry developments, enhance their career opportunities and increase their earning potential. Here are seven blockchain courses and certifications for beginners. INE’s Blockchain Security INE’s Blockchain Security course is an online course offered by Internetwork Expert (INE) that provides a comprehensive overview of the security aspects of blockchain technology. The course covers various topics such as consensus algorithms, cryptography, network security, smart contract security, and blockchain attacks …
Decentralization / Feb. 2, 2023