Phishing Attack Depletes NFT Trader’s $145k Worth of BAYC

A recent phishing attack has resulted in an NFT trader losing more than $145,000 worth of Bored Ape Yacht Club (BAYC) collectibles. The cryptocurrency scene has been plagued by a growing number of scam schemes, and this incident highlights the need for increased security measures.

The attack was brought to light by on-chain security platform PeckShield in a post on May 9. It involved the transfer of three BAYC NFTs, starting at 17:47 UTC on May 8. The first NFT, BAYC 7531, was moved from tatis.eth to a phishing account. The attacker then proceeded to transfer BAYC 6736 and BAYC 2100 to the same address.

The identity of the malicious actor responsible for the attack has been identified as Pink Drainer. As of now, the three BAYC NFTs are still missing, as Pink Drainer has sold them for a total of 48.5 ETH, equivalent to $145,000. The sales were conducted on popular NFT marketplaces Seaport and Blur.

This incident is not the first of its kind in the cryptocurrency space. In December 2023, the same hacker group stole Chainlink (LINK) tokens worth $4.4 million. The hackers employed deceptive tactics, tricking users into authorizing transactions linked to the “IncreaseAllowance” function, resulting in significant losses.

These types of hacks have become increasingly prevalent in the last quarter of 2023. For example, JPEG’d, an NFT protocol, warned its community about malicious platforms that mimicked its services and aimed to exploit users by securing transaction approvals and then draining them of their NFTs and digital assets. Similarly, Flooring Protocol, a liquidity solution for NFTs, fell victim to an exploit when its multi-call smart contract was attacked. The attacker proceeded to dump the stolen NFTs, prompting the protocol’s developers to implement a solution to address the vulnerability.

These incidents serve as a reminder of the importance of robust security measures in the cryptocurrency space. Users must remain vigilant and exercise caution to protect their valuable assets from phishing attacks and other fraudulent activities.