<p><span style="font-weight: 400;">At least 35 NFTs have been stolen due to a widespread phishing attack involving hacked Twitter accounts, according to data from blockchain analytics company Elliptic.</span></p> <p><span style="font-weight: 400;">Scammers have made off with at least $900,000 in NFTs over the past week, per Elliptic. Five of the stolen items were Bored Ape, Mutant Ape or Bored Ape Kennel Club NFTs, and nine high profile individuals have reported falling victim to the attack. </span></p> <p>Earlier this month, BAYC <a href="https://www.theblockcrypto.com/linked/138156/apecoin-tied-to-bored-ape-nft-ecosystem-debuts-with-planned-community-airdrop">launched an airdrop</a> of ApeCoin tokens for Bored and Mutant Ape NFT holders. For this attack, scammers <span style="font-weight: 400;">hacked multiple verified Twitter accounts in order to promote links to a URL impersonating an ApeCoin token airdrop site. Some of the Twitter accounts had more than 50,000 followers.</span></p> <p><span style="font-weight: 400;">Unsuspecting victims who clicked on the phishing links included both BAYC NFT owners and non-holders willing to cough up 0.33 ETH ($1,130) to take part. However, instead of registering for the chance to claim ApeCoin tokens in a new airdrop, they found themselves faced with malicious code that gave the scammers access to their wallet.</span></p> <p><span style="font-weight: 400;">“The tweet looked strange, but this is someone that I had actually followed [previously] so I didn’t overthink it... I clicked the link in the tweet and was immediately prompted to connect my wallet, which I did not do,” explained Aaron Cadena, co-founder of NFT-themed vaping company Gutter Bars, in a </span><a href="https://twitter.com/aarontcadena/status/1505951034404794373"><span style="font-weight: 400;">tweet thread</span></a><span style="font-weight: 400;"> detailing how his #2017 and #2904 Gutter Cats were taken.</span></p> <p><span style="font-weight: 400;"> </span><span style="font-weight: 400;">“After clicking cancel, the prompt kept popping up over and over again. I clicked cancel a few more times, then caught onto what was happening and tried leaving the site but my screen was locked.”</span></p> <p><span style="font-weight: 400;">Cadena describes how, despite force quitting the browser, he received a notification that two assets had been transferred from his wallet.</span><span style="font-weight: 400;"> </span></p> <p><span style="font-weight: 400;">“It felt like a punch in the gut. I’m not sure how this was done since I never connected my wallet,” he said, adding that third parties later agreed to sell the NFTs back to him at cost. “After this whole ordeal, I’ll be out 20 ETH, which sucks, but it could’ve been a lot worse.”</span></p> <p><span style="font-weight: 400;">AnChain.ai, which </span><a href="https://twitter.com/AnChainAI/status/1506383459111124992"><span style="font-weight: 400;">published a separate breakdown</span></a><span style="font-weight: 400;"> of the scam, said that “the fact that hacked verified accounts are not triggering Twitter’s spam detection when using a script to push out multiple tweets per second is absurd.”</span></p> <p><span style="font-weight: 400;"> </span><span style="font-weight: 400;">Twitter has not responded to requests for comment by press time.</span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>