BAYC/Yuga Labs' Instagram account was hacked last year, resulting in $3M of phishing losses. Turns out their password was “12345678a”

Yuga Labs' (the company behind BAYC and other NFT collections) Instagram account was hacked last year, and this led to a few users losing their money in phishing scams. According to various reports, up to $3 million was lost in this attack, as the attackers started posting phishing links from the hacked account and dumb followers aped into them.

It turns out the cause of the hack was the password that Yuga Labs had set on their IG account: “123456789a”

This was revealed in a recent OSINT exposé:

They used such basic passwords for their accounts

A lot of email addresses from Yuga Labs' official domains have appeared in pwned lists, indicating they have been compromised. Yuga also had multiple Discord hacks where attackers managed to get into the main BAYC Discord and posted phishing links, leading to users there losing their apes.

As per an Aug 2022 report, $13.5 million worth of Apes had been stolen by then in various scams associated with BAYC.

  1. That “a” at the end, man. I can imagine who set the password and thinks it is uncrackable with that letter.

  2. Imagine randomly guessing the password to one of the biggest NFT collections' page.

  3. I’m split between “it was an inside job, no way someone is this stupid” vs. believing that yes, people are that stupid.

  4. Not surprising really. People in high level positions have been known to compromise security out of convenience. The CIA would set their password as password1234 for all kinds of internal things. Even for an in-house network, it’s pretty ridiculous given their status.

  5. That’s amazing. I’ve got the same combination on my luggage.

    E: 😂 This is a quote from the movie Spaceballs.

  6. Would have been more interesting if password was – mentalmiget (all lowercase)

  7. Not a shocker. I’ve once read a study that showed “123456789” being the most used password amongst users.

    That being said, it’s so dumb having such a weak password, especially when it comes to money.

  8. If you’re half-arsed with security you’re just inviting hackers and scammers to compromise the funk out of you.

  9. Would have thought adding an “a” at the end would have made it impossible to hack

  10. Holy fuck. Company with billions in value has the password as 12345678a. Fuck me, I’m in disbelief.

  11. This is probably the reaction of the hacker at the exact moment he got into this account…

  12. You would’ve supposed that these guys are somehow tech savvy and wouldn’t make such a rookie mistake. But of course there’s always the chance this is an inside job.

  13. Now people will start using these easy passwords to hack famous accounts on SM.
    Maybe someone will get lucky.

  14. Stuff like this makes me want to see more about the companies we trust. I really want to know more about Binance, Coinbase and Lido’s data security. I can’t assume people aren’t morons anymore.

  15. And this is why I always try that password when trying to hack accounts. This Redditor’s password is 12345678b.

  16. It only takes one weak link in a chain. It’s weird to forget so often that even massive companies are made up of just ordinary people who make big mistakes often.

  17. Hahaha too funny.

    As others have said…there are plenty of “recent” cases on a variety of projects that had super simple passwords or left it at default…and these projects don’t have requirements to report a data breach…so they keep it a secret…and then people report they lost their crypto and they get the blame for not being careful.

  18. 1, 2, 3, 4, 5, 6, 7, 8, 9, a? That’s amazing! I’ve got the same combination on my luggage!

  19. Really gives you a sense of confidence and professionalism when you read this….

  20. LoL $13M in Apes. Now those same NFTs are discounted for 99 cents and that makes them still overpriced. I do not feel sorry for anyone who has such a weak password. Discord has so many scammers on there too. They took a great gamer communication app and turned it into a playground for scammers. Just read a story on Wired about weak passwords. You would think in this day and age it would be common knowledge. Think of it as a stupid tax.

  21. I bet they used that password in multiple places, too. One poor security practice implies others.

