Hackers redirected The Sandbox followers to a fake raffle giveaway URL and even tried to rent Bored Ape NFTs from Instagram users.
Metaverse platform The Sandbox saw its Instagram profile hacked and used in an attempt to rent Bored Ape Yacht Club nonfungible tokens (NFTs) from a number of users on the social media platform.
The voxel-powered NFT platform’s profile was compromised by hackers on Thursday and used to promote a fabricated raffle ticket event that touted a season 4 LAND giveaway to unsuspecting users.
The firm indicated that its two-factor authentication and other security measures had been bypassed to promote the fake giveaway. The profile’s website URL was changed, with one user claiming to have lost NFTs after clicking the fake link.
Cointelegraph managed to follow the link to the fake website — which prompts users to connect web-based wallets for a chance to win the fraudulent raffle.
In a bizarre twist, Sandbox co-founder and chief operating officer Sebastien Borget revealed that the hackers then reached out to a number of users on Instagram with Bored Ape Yacht Club profile pictures in an attempt to “rent” out the NFTs — offering 40 Ether (ETH) to use the BAYC NFTs for 24 hours.
Instagram account recovered. The hacker tried to rent Bored Apes Yacht Club NFTs – using our account. We would NEVER ask via DM and have contacted all users to notify them. https://t.co/1DRFR3JlIq pic.twitter.com/CKQWfVBTNF
— Sebastien (@borgetsebastien) September 8, 2022
According to Borget, The Sandbox managed to recover control of its Instagram account a few hours later, while stories promoting the fake giveaway were still live on the account at the time of publishing (4:00 pm EST).
The NFT-powered Metaverse platform has collaborated with major brands and celebrities since its Alpha launch in November 2021. The likes of Paris Hilton and Snoop Dogg have partnered with the platform, while notable clothing retailers like Adidas launched NFT wearables that are compatible with The Sandbox and other Metaverse platforms.
The Sandbox team told Cointelegraph that it is working with Instagram’s security team to complete a security review and audit of the incident and would not comment further until more details are known.
Users affected by the incident can contact The Sandbox team through its support channel by emailing email@example.com.