YugaLabs' (the company behind BAYC and other NFT collections) Instagram account was hacked last year and this led to a few users losing their money in phishing scams. According to various reports, up to $3 Million was lost in this attack, as attackers started posting phishing links from the hacked account and dumb followers aped into it.
It turns out the cause of the hack was the password that Yuga Labs had set on their IG Account: “123456789a”
This was revealed in a recent OSINT exposé:
They used such basic passwords for their accounts
A lot of email addresses from Yuga Labs' official domains have appeared in pwned lists, indicating they have been compromised. Yuga also had multiple Discord hacks where attackers managed to get into the main BAYC Discord and posted phishing links, leading to users there losing their apes.
As per an Aug 2022 report, $13.5 million worth of Apes were stolen till then in various scams associated with BAYCs: https://www.artnews.com/art-news/news/bored-ape-yacht-club-nfts-stolen-2022-13-5-million-1234637674/
Apes lol
That “a” at the end man, can imagine who set the password and thinks it is uncrackable with that letter.
I honestly wish I was surprised
Imagine randomly guessing the password to one of the biggest NFT collections page.
I’m split between it was an inside job, no way someone is this stupid, vs. believing that yes, people are that stupid
Not surprising really. People in high level positions have been known to compromise security out of convenience. The CIA would set their password as password1234 for all kinds of internal things. Even for an in-house network, it’s pretty ridiculous given their status.
https://nitter.net/Snowden/status/1610650914934636549
That’s amazing. I’ve got the same combination on my luggage.
E: 😂 This is a quote from the movie Spaceballs.
Would have been more interesting if password was – mentalmiget (all lowercase)
That ‘a’ instead of ‘9’ shows real intelligence
Safu password
Not a shocker. I’ve once read a study that showed “123456789” being the most used password amongst users.
That being said, it’s so dumb having such a weak password, especially when it comes to money.
How do you know my vault password?
If you’re half-arsed with security you’re just inviting hackers and scammers to compromise the funk out of you.
Would have thought adding an “a” at the end would have made it impossible to hack
Holy fuck. Company with billions in value has the password as 12345678a. Fuck me, I’m in disbelief
Baffling really.
Well, 12345678a is a better password than password
This is probably the reaction of the hacker at the exact moment he got into this account…
You would’ve supposed that these guys are somehow tech savvy and wouldn’t make such a rookie mistake. But of course there’s always the chance this is an inside job.
I have a harder WiFi hotspot password than this.
People really don’t give a shit about their security or passwords lol.
Should’ve added a special character smh. Rookie mistake
And one wonders why many don’t take crypto seriously
Now people will start using these easy passwords to hack famous accounts on SM.
Maybe someone will get lucky.
Stuff like this makes me want to see more about the companies we trust. I really want to know more about Binance, Coinbase and Lido’s data security. I can’t assume people aren’t morons anymore.
And this is why I always try that password when trying to hack accounts. This Redditor’s password is 12345678b.
It only takes one weak link in a chain. It’s weird to forget so often that even massive companies are made up of just ordinary people who make big mistakes often
Why do you post a story from August last year?
The a at the end adds so many layers of complexity
They stole my password.
Apparently companies care more about their time than their security
Hahaha too funny.
As others have said…there are plenty of “recent” cases on a variety of projects that had super simple passwords or left it at default…and these projects don’t have requirements to report a data breach…so they keep it a secret…and then people report they lost their crypto and they get the blame for not being careful
1, 2, 3, 4, 5, 6, 7, 8, 9, a? That’s amazing! I’ve got the same combination on my luggage!
Really gives you a sense of confidence and professionalism when you read this….
When will crypto stop being a nonstop clown show?
LoL $13M in Apes. Now those same NFTs are discounted for 99 cents and that makes them still overpriced. I do not feel sorry for anyone who has such a weak password. Discord has so many scammers on there too. They took a great gamer communication app and turned it into a playground for scammers. Just read a story on Wired about weak passwords. You would think in this day and age it would be common knowledge. Think of it as a stupid tax.
This seems awfully convenient lol.
Noobs don’t know BITWARDEN
What OSINT exposé are you referring to?
Is KeePass software that difficult to use?
They didn’t think it would last as long as it did.
We used to have Welcome01 for every new account and most people never changed that.
I bet they used that password in multiple places, too. One poor security practice implies others.
If only they had used 12345678a$ this probably never would have happened!