Some unfortunate owners of the highly valuable Bored Ape Yacht Club NFTs lost their assets yesterday.
The cybercriminals took advantage of a security lapse at the BAYC Instagram page, substituting the official link with one they controlled.
Using the domain YugaLabs.land, the criminals set up a page mimicking Yuga Labs, operators of the BAYC franchise. The official web site is at Yuga.com but also YugaLabs.io that forwards to the former.
YugaLabs.land – a fake lander designed to steal wallets
Once there, the call to action images prompted visitors to connect their wallet and take advantage of a supposed airdrop-a free transfer of tokenized crypto into their accounts. Instead of receiving free crypto, some lost thousands of dollars in NFT valuables.
Dot .land is a gTLD provided by TrueName Domains. About 22,000 .land domains exist, per nTLDstats.
That what happens when you are bored and you let your guards down.
Hopefully, their kissin cousins Angry Apes will go after the criminals.