Over the weekend, an infamous hacker known as Jason Brubeck succeeded in stealing approximately 850 ETH ($1+ million) worth of Bored Ape collection, leaving his victim completely devastated.
The news was first broken by @serpent, who had been able to trace and identify the suspect’s activity with impressive precision through phishing tactics. Such egregious fraudulence is a stark reminder of how important it is for all users to remain vigilant when trading digital assets online.
Unraveling the breach
Through a carefully planned attack involving intricate social engineering tactics, 14 of the Bored Ape Yacht Club’s NFTs were stolen from the victim by the Hacker.
According to @serpent, the hacker contacted the victim and asked to license IP rights for BAYC #2060. They claimed to be a casting director for Forte Pictures, an L. A based Emmy Award-winning company. While the studio exists, the alias the scammer used was fake.
The scammers pretended they were creating an NFT-related film called “The Return of Time” in collaboration with “Unemployd.” Unemployd was an “AI-powered social IP platform for NFTs,” also a scam.
The hacker was able to lure the victim to sign seaport signatures/contracts outside Opensea using a fake website to steal the Bored Ape Collection
NFT scams reach unprecedented levels this year
This year has seen a dramatic rise in the number of DeFi and NFT hacking attempts, with Bored Ape Yacht Club (BAYC) losing ETH 200 worth of digital assets early this year. However, a range of such cases includes famous Hollywood actor Seth Green.
These incidents are not exclusive to BAYC alone – many other popular ‘blue chip’ NFT collections have experienced similar security issues. Other notable victims include Zeneca, an NFT influencer, and PREMINT – an NFT registration platform- both falling prey to hacks in mid-July. In August, Solana wallet provider Phantom took swift action by introducing a new feature that burns spam sent through scammer’s NFTs, proving themselves to be at the forefront of phishing prevention.
Preventing NFT Scams
As the NFT market soared to over $40 billion in trading volume in 2021, it is no shock that cybercriminals are using fraudulent NFT activities to attack victims.
To prevent NFT scams, it is essential to understand what you are signing so as not to sign random signatures and transactions.
Serpent advised in his thread that NFT holders must always remember to utilize multiple wallets, verify identities, and never sign arbitrary transactions or signatures if they want to protect their assets.