YugaLabs (the company behind BAYC and other NFT collections) Instagram account was hacked last year and this led to few users losing their money in phishing scams. According to various reports, upto $3 Million was lost in this attack, as attackers started posted phishing links from the hacked account and dumb followers aped into it.
It turns out the cause of the hack was the password that Yuga Labs had set on their IG Account: “123456789a“
This was revealed in a recent OSINT exposé:
They used such basic passwords for their accounts
A lot of email addresses from Yuga labs official domains have appeared in pwned list indicating they have been compromised. Yuga also had multiple discord hacks where attackers managed to get into the main BAYC discord and posted phishing links, leading to users there losing their apes.
As per an Aug 2022 report, $13.5 million worth Apes were stolen till then in various scams associated with BAYCs: https://www.artnews.com/art-news/news/bored-ape-yacht-club-nfts-stolen-2022-13-5-million-1234637674/