The Artist’s Journey
By late April 2022, Yuga Labs had transformed the Bored Ape Yacht Club from a niche digital art experiment into the most recognizable brand in the NFT universe. What began in April 2021 as a collection of 10,000 algorithmically generated ape illustrations had evolved into a cultural phenomenon spanning celebrity endorsements, merchandise partnerships, and mainstream media coverage. The floor price for a Bored Ape hovered around 100 ETH — roughly $273,000 at Ethereum’s April 30 price of $2,730. The Mutant Ape Yacht Club collection, a spin-off launched in August 2021, commanded floor prices around 22 ETH ($60,000). Combined, the BAYC ecosystem represented billions in market capitalization and had attracted owners including Jimmy Fallon, Paris Hilton, and Post Malone.
Yuga Labs had been teasing its next major project, Otherside, with a cinematic trailer released in March. The crypto community widely believed Otherside would be a metaverse platform, and anticipation had been building for weeks toward an expected April 30 launch. The excitement was palpable: OpenSea had just acquired NFT aggregator Gem to expand its marketplace capabilities, and social NFT collections were hitting all-time highs in market capitalization according to Nansen’s NFT-500 index. The NFT market was thriving, and Yuga Labs stood at its center.
Collection Mechanics
The hack exploited the most powerful weapon in any attacker’s arsenal: timing. On April 25, the official Bored Ape Yacht Club Instagram account was compromised. The attackers posted a malicious link promoting what appeared to be a free NFT land airdrop tied to the upcoming Otherside metaverse launch. The fake website closely mirrored Yuga Labs’ official branding and urged users — even those who didn’t own a Bored Ape — to connect their MetaMask wallets to claim free Otherside land parcels. The timing was nearly perfect: with the Otherside launch imminent and the community buzzing with anticipation, the fraudulent post looked legitimate to unsuspecting holders.
Once victims connected their wallets, a safeTransferFrom attack executed, transferring NFTs directly from users’ wallets to the attacker’s address. Unlike typical phishing scams that ask users to sign a malicious transaction, this exploit leveraged the wallet connection itself to initiate unauthorized transfers. The technical sophistication of the attack suggested premeditation and a deep understanding of the BAYC community’s behavior patterns.
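The safeTransferFrom call described above can be recognised in raw transaction calldata. The following is an added example, not code from Yuga Labs or the original article: a wallet-side check that decodes a pending transaction and flags ERC-721 transfers out of the user's own address. It goes beyond the article by also covering transferFrom and setApprovalForAll, and the addresses, contract and token ID are constructed placeholders.

```javascript
// ERC-721 selectors: first 4 bytes of keccak256 over the function signature.
const SELECTORS = {
  "0x23b872dd": "transferFrom(address,address,uint256)",
  "0x42842e0e": "safeTransferFrom(address,address,uint256)",
  "0xb88d4fde": "safeTransferFrom(address,address,uint256,bytes)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};
// Return the i-th 32-byte ABI word that follows the 4-byte selector.
function word(data, i) {
  const w = data.slice(10 + i * 64, 74 + i * 64);
  if (!/^[0-9a-f]{64}$/.test(w)) throw new Error("truncated calldata");
  return w;
}
// ABI-encoded addresses are left-padded with 12 zero bytes.
function asAddress(w) {
  if (!w.startsWith("0".repeat(24))) throw new Error("bad address word");
  return "0x" + w.slice(24);
}

// Classify a pending transaction for the wallet that is asked to send it.
function reviewTransaction(tx, wallet) {
  const data = String(tx.data || "0x").toLowerCase();
  const sig = SELECTORS[data.slice(0, 10)];
  if (!sig) return { risk: "none", reason: "no ERC-721 transfer or approval call" };
  try {
    if (sig.startsWith("setApprovalForAll")) {
      const operator = asAddress(word(data, 0));
      return BigInt("0x" + word(data, 1)) === 0n
        ? { risk: "none", reason: `revokes operator ${operator}` }
        : { risk: "high", reason: `lets ${operator} move every token in ${tx.to}` };
    }
    const from = asAddress(word(data, 0));
    const to = asAddress(word(data, 1));
    const tokenId = BigInt("0x" + word(data, 2)).toString();
    if (from !== wallet.toLowerCase())
      return { risk: "review", reason: `${sig} on behalf of ${from}`, to, tokenId };
    return { risk: "high", reason: `${sig} sends token ${tokenId} to ${to}`, to, tokenId };
  } catch (err) {
    return { risk: "review", reason: `undecodable calldata: ${err.message}` };
  }
}

// Constructed sample: placeholder addresses and token ID, not data from the incident.
const WALLET = "0x" + "11".repeat(20);
const RECIPIENT = "0x" + "22".repeat(20);
const NFT_CONTRACT = "0x" + "33".repeat(20); // hypothetical NFT contract
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const sampleTx = { to: NFT_CONTRACT, data: "0x42842e0e" + pad(WALLET) + pad(RECIPIENT) + pad("4d2") };
console.log(reviewTransaction(sampleTx, WALLET));
```

Truncated or malformed calldata is returned as "review" rather than silently passed, so a decoding failure never reads as a safe transaction.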
Utility & Perks
What made the hack particularly devastating was the caliber of assets stolen. A total of 91 NFTs were taken, with a combined value of approximately $2.8 million at the time. According to blockchain investigator zachxbt, the stolen haul included four Bored Ape Yacht Club NFTs, seven Mutant Ape Yacht Club NFTs, and three Bored Ape Kennel Club NFTs. Individual Bored Apes at the floor were worth over $270,000, with rarer specimens commanding significantly more. These weren’t just digital images — each Bored Ape carried commercial usage rights, granting owners the ability to create derivative products, license the artwork, and build brands around their specific ape.
Yuga Labs confirmed the incident on Twitter the same day, posting: “There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.” The company issued a formal statement explaining that the hacker had posted a “fraudulent link to a copycat of the Bored Ape Yacht Club website” and that they were working to establish contact with affected users. But the damage was already done.
Secondary Market Action
The broader NFT market on April 30, 2022, presented a mixed picture. While social NFT collections had been hitting all-time highs in market capitalization, art and metaverse collections had been trending downward for several weeks according to Nansen’s NFT-500 index. The Bitcoin price at $37,715 and Ethereum at $2,730 represented a pullback from earlier monthly highs, with both assets showing 3-5% weekly declines. This broader market softness added uncertainty to an NFT ecosystem already grappling with security concerns.
Meanwhile, another NFT disaster had unfolded over the same weekend. The highly anticipated Akutar NFT launch suffered a smart contract error that permanently locked $34 million in mint proceeds. The funds became irretrievably stuck in the contract due to a coding flaw, meaning the creators could never access the money raised from their own community. Two major NFT incidents in the same week — one a social engineering attack, the other a technical failure — underscored the growing pains of a rapidly expanding market. OpenSea’s acquisition of Gem signaled institutional confidence in the space, but the security infrastructure remained dangerously thin.
Final Verdict
The BAYC Instagram hack crystallized a central tension in the NFT space: the assets themselves lived on a theoretically unhackable blockchain, but the social and institutional infrastructure surrounding them remained deeply vulnerable. A single compromised social media account, timed to coincide with the most hyped product launch in NFT history, was enough to extract nearly $3 million from a community that considered itself sophisticated. The attack demonstrated that as NFT valuations soared into the hundreds of thousands per piece, the security practices of both creators and collectors hadn’t kept pace. Instagram accounts didn’t have hardware key authentication. Community members clicked links without verifying sources. And the tools available to reverse or freeze stolen NFTs remained rudimentary.
For Yuga Labs, the hack was a reputational hit but not a fatal one. The Otherside project would proceed, and the BAYC brand would endure. But the incident served as a warning that the NFT ecosystem’s most expensive assets were being protected by some of its weakest infrastructure. The gap between what these digital assets were worth and how they were secured would need to close — or the next attack would make $2.8 million look like a rounding error.
a 25m hack through a compromised instagram account. no multisig, no verification, just a fake link and gone. web3 security was a joke
it wasn't just web3. the actual vulnerability was a compromised community manager's instagram account via a phishing email. same social engineering that works everywhere
floor price at 100 eth or 273k and the authentication was basically a blue checkmark on instagram. beyond parody
100 ETH floor and the security model was trust the blue check. 2022 NFT culture was pure clown shoes
a single instagram post with a malicious link drained 25m in nfts. no smart contract exploit, no flash loan, just a fake url and an audience too hyped to check. the human layer remains the weakest link