Apologies if this has already been laughed at:
https://www.theblockcrypto.com/post/143328/bored-ape-instagram-account-hacked-nfts-worth-2-8-million-stolen
When the Instagram account was accessed, it was used to post a fake update claiming there was a LAND airdrop and users had to connect their wallets to claim the airdrop. This was taking advantage of the Bored Ape roadmap, which includes a metaverse game that will contain virtual land. When users connected to their wallets — and likely approved a transaction — the website stole their NFTs.
This has all the greatest hits of shitcoining - airdrop, Instagram, metaverse, connecting wallets to random websites, NFTs... this "hack" is a work of art, pun intended.
Every single one of these phishing expeditions prompts you to approve a transaction "Set approval for safe transfer" starting with the highest value NFT selected. You only have to check the data and see you are simply transferring token "X" to account "0x...", rather than harmlessly signing verification of ownership, which is all that would be needed for an airdrop or otherwise. The fact official Instagram or Twitter accounts are hacked shouldn't be that relevant compared to simply verifying the tx you are approving. It's that many collectors have absolutely no idea what they are actually doing.
Then collectors whine and complain because they unknowingly sent their tokens to a hacker, simply because they didn't check the transactions they were making.
I enjoy connecting MetaMask to these phishing websites to have a look at the hacker's wallet addresses, just to see how many people have already fallen for it. Clearly many collectors trust social media accounts more than they verify blockchain transactions.
Make no mistake, these "hacks" all require approving transactions/signatures. Simply connecting a wallet shares public keys in order to prompt transactions, i.e. it doesn't require any signatures.
This technique reminds me of the Bitcoin Gold phishing attack back in 2017:
"Just put your BTC private keys into our super secure wallet for free money pls sir". So many people fell for that one...
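The "check the data" step from the reply above, as an added example that is not part of the original posts: a small decoder that reads the calldata a wallet prompt is asking you to sign and flags approvals or transfers that move tokens out of your control. It assumes the NFT contract follows the standard ERC-721 interface; the addresses, token ID and the `describe_calldata` helper are constructed for illustration.

```python
# Added example: classify ERC-721 calldata shown in a wallet prompt before approving.
# Assumption: the standard ERC-721 selectors (first 4 bytes of keccak256(signature)).
SELECTORS = {
    "a22cb465": ("setApprovalForAll", ["address", "bool"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "42842e0e": ("safeTransferFrom", ["address", "address", "uint256"]),
    "b88d4fde": ("safeTransferFrom", ["address", "address", "uint256", "bytes"]),
}
ZERO = "0x" + "0" * 40

def _word(kind, word):
    """Decode one 32-byte ABI head word (64 hex chars)."""
    if kind == "address":
        return "0x" + word[24:]
    return int(word, 16) != 0 if kind == "bool" else int(word, 16)

def describe_calldata(data, own_address):
    """Return (function, args, warning); warning is None when nothing is flagged."""
    raw = data.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if raw[:8] not in SELECTORS:
        return ("unknown", [], "unrecognised call, do not approve blind")
    name, kinds = SELECTORS[raw[:8]]
    body = raw[8:]
    if len(body) < 64 * len(kinds):
        return (name, [], "truncated calldata")
    static = [k for k in kinds if k != "bytes"]  # trailing bytes payload is not decoded
    args = [_word(k, body[i * 64:(i + 1) * 64]) for i, k in enumerate(static)]
    me, warning = own_address.lower(), None
    if name == "setApprovalForAll" and args[1]:
        warning = f"operator {args[0]} could move every token you hold in this collection"
    elif name == "approve" and args[0] != ZERO:
        warning = f"{args[0]} could move token {args[1]}"
    elif name in ("transferFrom", "safeTransferFrom") and args[0] == me and args[1] != me:
        warning = f"token {args[2]} leaves your wallet for {args[1]}"
    return (name, args, warning)

# Constructed sample data (not taken from any real transaction).
OWNER = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
pad = lambda h: h[2:].rjust(64, "0")
SAMPLE_APPROVAL = "0xa22cb465" + pad(OTHER) + pad("0x1")
SAMPLE_TRANSFER = "0x23b872dd" + pad(OWNER) + pad(OTHER) + format(1234, "064x")

if __name__ == "__main__":
    for tx in (SAMPLE_APPROVAL, SAMPLE_TRANSFER):
        print(describe_calldata(tx, OWNER))
```

A request to prove ownership for an airdrop would be an off-chain message signature, so any prompt that decodes to one of these calls with a warning is the thing to reject.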