Hacker bypasses Instagram’s two-factor authentication
The creators of the collection say that the Bored Ape Yacht Club Instagram account was secured with two-factor authentication. This safeguard is meant to verify a user's identity, usually by means of two different pieces of information: a password along with a code sent via SMS or email.
“Two-factor authentication was enabled and security surrounding the Instagram account was optimal. We have regained control of the account and are investigating how the hacker gained access,” those responsible for the collection explain. How the hacker took control of the Instagram account remains an absolute mystery for now.
For Paul Walsh, computer security expert and CEO of MetaCert, the offensive was a “reverse proxy phishing attack”. In such an operation, the hacker recovers “sensitive information such as credentials and passwords,” as well as the code sent by Instagram via SMS or email.
The hacker can then log in to the account without any difficulty. “The reverse proxy also collects 2FA tokens when requested by the website. Attackers can then collect these 2FA tokens in real time to access victim accounts,” explains the expert, suggesting that one of the members of the BAYC team was targeted by this type of attack.
This is not the first time a scammer has hacked a communication channel to steal NFTs from the Bored Ape Yacht Club. In early April, the collection’s Discord server was hacked. The criminal only managed to capture a single digital work certified on the blockchain before the BAYC team took action.