When it comes to crypto hacks, it seems like it’s the same story every time. Scammers take advantage of a vulnerability in a blockchain’s design and make off with millions, like in the $600m-plus heist involving the play-to-earn NFT game Axie Infinity and the $77m theft that took place on Saturday on decentralised finance projects Rari Capital and Fei Protocol.

But a $3m hack last week involving nonfungible tokens from the popular Bored Ape Yacht Club (BAYC) universe exploited a different kind of weakness that isn’t unique to blockchain. 

Scammers infiltrated the NFT collection’s official Instagram account and posted a link to a fake website where users connected their crypto wallets for what they thought was an NFT launch. In reality, they had unwittingly opened themselves up to theft. When the actual launch happened on Saturday, users were again targeted when scammers posted links to fake websites that ended up cleaning users out of NFTs worth a collective $6.2m...