Top 10 NFT Hacks of All Time

The world of NFT has been booming despite the catastrophic impact of the ongoing bearish market sentiment. However, malicious hackers have taken the industry by storm, taking advantage of bugs and vulnerabilities in different NFT protocols. The result has cost the NFT community millions, including NFT artists and marketplaces.

The following are the top ten most expensive NFT hacks.

1 – Bored Ape Yacht Club Falls Victim of Cybercrime

The Bored Ape Yacht Club (BAYC) has seen massive success since its launch. The NFT project’s debut strategically coincided with the most grossing month of NFT collections, April 2021. The project comprises over 10,000 different cartoon Apes tokenized on the blockchain network. The project’s developer, Yuga Labs, also expanded the collection’s ecosystem by introducing APE Coin cryptocurrency. Unfortunately, BAYC’s success came with some bugs, costing developers and holders millions of dollars.

Despite the success, the Yacht Club has faced multiple massive attacks that have led to huge financial penalties befalling the developers and its fan base. In April 2022, the project saw a $3 million loss after a hacker intruded on the developer’s official Instagram account. The malicious cybercriminal took over the BAYC official Instagram account and shared a scam post with a hacking link.

Many BAYC members clicked on the link that redirects them to connect their wallets to a smart contract. The smart contract gave the attacker access to the tokens stored in their wallets, allowing him to take control of four Bored Apes and several other NFTs. The hacker is estimated to have made away with digital assets worth $3 million.

NFT Collectors of the BAYC are frequently the focus of cyberattacks with varying degrees of practical relevance. BAYC is one of the most well-known NFT collections and boasts famous owners like Eminem, Gwyneth Paltrow, and Madonna.

The club saw its discord hacked and malicious links sent to members in a similar hack. According to a report by Yuga Labs, the perpetrator stole NFTs valued at about $360,000. The project’s community manager, Boris Vagner, had his Discord account infiltrated by a hacker who subsequently uploaded fraudulent links in both the Bored Ape Yacht Club channel and another channel. Members blindly clicking on the links lost funds and digital assets to the attackers. After Bored Ape Yacht Club’s Instagram account and Discord server were hacked, almost $13 million worth of NFTs were seized.

2 – Chelsea Art Gallery’s NFT Heist

The owner of a Chelsea art gallery Todd Kramer had a bad ending to the year 2021. On December 30, Kramer learned that Anonymous hackers had stolen some Non Fungible Tokens from his personal digital art collection. Following the attack, his collections were initially listed on OpenSea, the world’s largest NFT marketplace. 

In his since-deleted tweets, he described what transpired. Bored Apes and Mutant Apes, two of the world’s most expensive Ape NFTs in the industry, made up the majority of the NFTs. In the end, Kramer reportedly lost around $2.2 million due to the ordeal.

Karmer contacted OpenSea after the hack for assistance. The marketplace quickly responded to Kramer’s request for help by immediately freezing any platform transactions until Kramer could retrieve his stolen digital tokens. Many people in the NFT community took offense at this and chastised the tycoon for not using a hardware wallet to store such pricey tokenized virtual art.

Since they are not linked to the internet unless plugged in, hardware wallets, commonly referred to as ‘cold wallets’, are crucial instruments in the fight against costly cyber crimes. Karmer was using a hot wallet, which is always linked to the internet, as it is more vulnerable to attacks.

3 – NFT Influencer Jason Falivitch Hacked

In September 2022, the NFT community received a massive shock as an NFT influencer lost over $1 million in digital art to a hacker. Jason Falivitch, who goes by the name @jfx on Twitter, a BAYC collector, and Twitter NFT influencer, fell victim to a sophisticated hacking attack that drained him of priceless NFT collections he previously owned. 

The collector shared a photo of his stolen NFTs along with the news on social media. The stolen tokens included two Doodles, one MAYC, and one BAYC. These Non-Fungible Tokens were shown in the screenshot shared. However, the hacker may have drawn more NFTs than the ones shared in the photo.

The Influencer’s loss spooked a massive discussion on social media as fans seemingly enjoyed his sorrow. Fans allegedly flagged Jason for promoting NFT scams on his Instagram account, which resulted in the loss of funds.

4 – 29 Moon Birds Get Stolen

Launched on April 16, 2022, Moonbirds is an NFT collection of 10,000 Non Fungible Tokens. Well-known American internet businessman Kevin Rose developed the project as a component of his just-launched Proof Collective, a private, members-only collective of NFT collectors and artists. The collection includes a variety of unique traits that give each token in the collection a distinct appearance that makes them rare Non-Fungible assets.

According to the NFT portal’s official website, Moonbirds are utility-focused PFPs that provide holders with various options to profit from.

A member of the Proof Collective fell for fraud, losing 29 extremely precious Moonbirds built on Ethereum (ETH). The Moonbirds were reportedly stolen from their nest after the owner clicked a malicious link shared by the attacker. The lost Moonbird Non-Fungible tokens (NFTs) were worth approximately $1.5 million. Less than a week after its release, Moonbirds entered the top 10 highest-grossing collections of all time.

5 – Beeple NFT Artist Hacked

Beeple is a well-known virtual artist and graphic designer from the United States of America. He is one of the three most valued living painters in the world. His NFT work has been auctioned in a legacy art house. Having massive success in the industry, the digital artist has sold numerous art collectibles for millions of dollars. His success, however, does not make him immune to cyberattacks.

Cybercriminals impersonated the Non-Fungible token artist Beeple on Twitter and claimed to have launched a new line of digital art with designer Louis Vuitton. They then stole a total of $438,000 worth of cryptocurrencies and NFTs from Beeple’s followers.

Beeple’s account sent out two tweets during that period; the first contained a phishing link that netted about 36 ether, or $73,000, and the second conned the artist’s followers out of $365,000 in various cryptocurrencies and Non-Fungible Tokens.

6 – OpenSea Vulnerability

OpenSea is the largest NFT marketplace in terms of volume and number of users. The marketplace has been on the frontline to enhance the expansion of Non-Fungible Tokens. However, it had not put enough measures to avoid cyberattacks from hackers.

A hacker took advantage of a bug and purchased Non-Fungible Tokens from OpenSea users at a significant discount compared to their intrinsic market value. Due to the vulnerability of the marketplace, tokenized assets with a market valuation of about $1.1 million were illegally purchased and acquired by cybercriminals.

A firm detected at least five different hackers who used this vulnerability to obtain at least twelve valuable Non-Fungible Tokens for a significant discount from their market price. These included the Cool Cats NFTs, Cyberkongz NFTs, Mutant Ape Yacht Club, Bored Ape Yacht Club, and many other expensive digital collectibles. 

On January 24, 2022, at roughly 7 a.m., the hacker bought a Bored Ape Yacht Club NFT #9991 for 0.77 ETH ($1,800). This is way much of a discount considering the then-listed market value of these families of NFTs of around $198,000. Twenty minutes later, the hacker made a profit of $194,000 when they sold the NFT for 84.2 ETH ($196,000).

7 – Nifty Gateways Hacked

Nifty Gateway is a digital art online auction platform for non-fungible token (NFT) art founded by Duncan and Griffin Cock Foster. It was recently purchased by the Winklevoss twins and had been offering NFT-related services since its debut. The online auction platform, however, faced a hack that left it swimming in huge losses.

This costly NFT heist occurred in March 2021, although it happened on a different platform this time. Several Nifty Gateway customers reported that their accounts had been compromised on social media.

Hackers bought and sold NFTs for hundreds of thousands of dollars using these stolen accounts. What’s worse? Due to the fact that these fraudulent charges were sent to the affected individuals’ credit cards, users whose accounts had been compromised were left holding the bag. This is made possible by one of the unique features of the Nifty Gateway network, which enables customers to charge purchases to both credit cards and cryptocurrency wallets.

8 – Premint Marketplace Hacked

Premint NFT marketplace faced one of the biggest NFT hacks of all time. Malicious criminals took advantage of the well-known NFT registration and made off with 320 different stolen Non-Fungible Tokens and more than $400,000.

Information concerning Premint’s hack was laid out to the public by a blockchain security company known as CertiK.

The hack was executed using a malicious JavaScript code. As an additional security step, the hacker built a pop-up within the website asking visitors to confirm their wallet ownership. Following their swift realization that the pop-up was fraudulent, numerous users instantly took to Twitter and Discord to alert others not to follow its directions. However, the attackers had already tricked several Premint clients within minutes.

Popular collectibles such as Bored Apes, Otherside, Moonbirds Oddities, and Goblintown were among the stolen NFTs. After obtaining these NFTs, the hackers started selling them on platforms like OpenSea; one stolen Bored Ape brought 89 ETH, or around $132,000, for its owner. The sale of 302 stolen NFTs throughout Sunday brought in 275 ETH, or well over $400,000 for the hackers.

According to Certik, the hackers kept hold of 18 unsold NFTs. The hackers then sent the money to a site called Tornado Cash, which combines and mixes the cryptocurrency deposits of multiple users, effectively erasing the digital traces that blockchain transactions generally leave behind. Malicious hackers routinely employ blending solutions like Tornado Cash to launder stolen virtual currencies.

9 – Renowned Hacker Monkey Drainer

The NFT Drainers contract tricks victims into transferring their NFTs to attackers when the victim links their wallets to attack vectors such as websites. The victims are deceived for legitimate reasons, like complimentary mints or access to a whitelist.

Due to its involvement in phishing scams, Monkey Drainer Contract has recently made headlines. More than $1 Million has been stolen from the digital markets. Monkey Drainer Contract’s participation in spoofing operations has spooked the NFT and crypto communities. Over $1 million has been stolen thanks to the contract.

Monkey Drainer is a well-known attacker renowned for his extraordinary hacking programming skills. The hacker recently caused mayhem in the NFT market after illegally obtaining seven Crypto Punk NFTs and twenty Otherside NFTs valued at around $800,000. On-chain detective ZachXBT made the information public.

PechShield, a blockchain security firm, also revealed that malicious hackers who executed the attack utilized a wallet known as Monkey Drainer to commit the crime and drain the tokens.

10 – Lympo NFT Platform Compromised

Lympo, a Lympoca Brands subsidiary and a sports Non-Fungible token (NFT) minting platform, experienced a hot wallet cyber-attack and lost millions of LMT tokens valued at millions of dollars at the time of the theft.

According to a brief Blog update on the Medium blogging platform from the Lympo team, hackers accessed Lympo’s active hot wallet on Monday and stole a total of about 165.2 million LMT from it.

The report claims that the hack compromised ten separate project wallets. Most of the illegally seized tokens appeared to have been routed to a single address, exchanged for Ether ETH tickers down $1,174 on Uniswap and SushiSwap, and then sent elsewhere.

Final Thoughts

The NFT market has faced massive hacks amounting to millions of dollars. However, this seems not to change the bullish sentiment on the ecosystem displayed by luxury, toy, clothing, airlines, and automobile brands flooding the space.

For each successful or unsuccessful attack, the industry becomes more knowledgeable and reforms are put in place to ensure the technology is safer and secure. The crypto community hopes for a safer environment and yearns for a bullish recovery.