- An NFT collector lost one Bored Ape and two Mutant Apes worth over $570,000 to the scam swap.
- The marketplace where the swap happened says it is working to improve the platform to prevent future scams.
A Bored Ape Yacht Club (BAYC) NFT holder has lost multiple NFTs, including a “bubble gum ape”, after being tricked into exchanging valuable pieces for worthless PNGs in a fake swap transaction.
BAYC #1584 is one of the 119 bubble gum apes (apes blowing bubble gum) and has a rarity score of 111.99 out of 10,000, according to Rarity Tools. That implies it is relatively uncommon.
The victim entered into a direct swap trade with the scammer via a third-party service called swapkiwi. Unlike regular marketplaces like OpenSea, platforms like swapkiwi allow direct NFT swaps between collectors, reducing transaction ("gas") fees.
Unknown to the victim, s27, the other participant in the trade put up knock-off NFTs in exchange for s27’s legitimate Bored Ape and Mutant Apes. The scammer used images of actual Bored Apes to create fake replicas and uploaded them to OpenSea.
According to 0xQuit, the attacker took advantage of the way swapkiwi displays verified NFTs. Since the checkmark appears within the image, scammers can spoof this verification by simply taking an image of a Bored Ape and editing a checkmark onto it.
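The defence against this kind of spoof is to derive the "verified" status from the token's contract address and ignore anything drawn in the image or written in the name. The sketch below is an added example, not swapkiwi's code; the contract addresses are constructed placeholders and the offer format and function names are hypothetical.

```javascript
// Allowlist of verified collections keyed by contract address.
// Addresses are constructed placeholders, not real contract addresses.
const VERIFIED_COLLECTIONS = new Map([
  ["0x1111111111111111111111111111111111111111", "Bored Ape Yacht Club"],
  ["0x2222222222222222222222222222222222222222", "Mutant Ape Yacht Club"],
]);

// Normalise names so spacing, case and punctuation tricks do not evade the match.
const norm = (s) => String(s || "").toLowerCase().replace(/[^a-z0-9]/g, "");

// Classify one offered item. item.image is deliberately never inspected:
// a checkmark inside the picture is attacker-controlled data.
function checkOfferItem(item) {
  const addr = String(item.contract || "").toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(addr)) {
    return { verified: false, warning: "malformed contract address" };
  }
  const collection = VERIFIED_COLLECTIONS.get(addr);
  if (collection) return { verified: true, collection, warning: null };
  // Unknown contract: warn if the display name imitates a verified collection.
  const name = norm(item.name);
  for (const known of VERIFIED_COLLECTIONS.values()) {
    if (name.includes(norm(known))) {
      return { verified: false,
               warning: `name imitates "${known}" but contract is not verified` };
    }
  }
  return { verified: false, warning: null };
}

// Review a whole offer; block the swap if any item raises a warning.
function reviewSwap(offeredItems) {
  const results = offeredItems.map((it) => ({ tokenId: it.tokenId, ...checkOfferItem(it) }));
  return { results, block: results.some((r) => r.warning !== null) };
}

// Constructed sample offer: one genuine item, one look-alike, one unrelated item.
const SAMPLE_OFFER = [
  { contract: "0x1111111111111111111111111111111111111111", tokenId: "1",
    name: "Bored Ape Yacht Club #1", image: "ape1.png" },
  { contract: "0x9999999999999999999999999999999999999999", tokenId: "2",
    name: "Bored Ape Yacht Club #2", image: "ape2-with-checkmark.png" },
  { contract: "0x3333333333333333333333333333333333333333", tokenId: "7",
    name: "Some Art #7", image: "art7.png" },
];

console.log(JSON.stringify(reviewSwap(SAMPLE_OFFER), null, 2));
```

The platform UI should render the badge outside the NFT image, from the `verified` field only.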
Following the exchange, s27 received worthless pictures while the scammer made off with NFTs worth at least $570,000.
The rogue actor has since sold the bubble gum ape for 98 ETH ($337,000), which is significantly lower than the current BAYC floor price of 111 ETH ($382,000). Both Mutant Ape derivatives stolen in the fake swap transaction have also been sold off at prices lower than the floor price for the collection.
In response to the incident, swapkiwi has published a statement saying that it is working on improvements to its platform to prevent future occurrences.
The incident marks another case of a high-value NFT owner falling victim to social engineering hacks. While poor UI/UX on the part of NFT platforms is partly to blame, the situation is another reminder that web3 participants should be security-conscious.
BAYC holders, along with other blue-chip NFT collectors, are likely to remain targets for rogue actors given the value of their possessions.