Bored Ape Yacht Club Discord reportedly compromised in $250,000 NFT phishing attack
Bored Ape Yacht Club Discord compromised in $357,000 NFT phishing attack
The server was also compromised at the start of April.
Less than two months after someone compromised the official Bored Ape Yacht Club Instagram account to steal $2.4 million worth of NFTs, BAYC creator Yuga Labs is again facing questions about its security measures. In the early hours of June 4th, a scammer carried out a phishing attack that netted them 200 Ethereum worth of NFTs, according to Web3 is Going Great. After obtaining the login credentials of a community manager, the hacker reportedly used the official Bored Apes Discord to promote a fake giveaway exclusive to holders of Bored Ape, Mutant Ape and Otherside NFTs.
“Do not mint through ANY other websites,” the announcement said after linking to the website the hacker used to steal the NFTs. “This is the only official site!” According to data from blockchain security firm PeckShield, one BAYC and two Mutant Apes tokens were stolen in the scam. At the current Ethereum exchange rate, the entire trove is worth more than $357,000.
“Our Discord servers were briefly exploited today,” said Yuga Labs. “The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted.” The company said it was still investigating the incident. The BAYC Discord, among a handful of other servers tied to high-profile NFT projects, was also hacked at the start of April when a bad actor compromised the CAPTCHA bot Yuga Labs used to deter spammers.
Update 8:46PM ET: Added comment from Yuga Labs and updated theft estimate.
Less than two months after someone compromised the official Bored Ape Yacht Club Instagram account to steal $ 2.4 million worth of NFTs, BAYC creator Yuga Labs is again facing questions about its security measures. In the early hours of June 4th, a scammer carried out a phishing attack that netted them 32 NFTs worth approximately 142 Ethereum, according to Web3 is Going Great. After obtaining the login credentials of a community manager, the hacker reportedly used the official Bored Apes Discord to promote a fake giveaway exclusive to holders of Bored Ape, Mutant Ape and Otherside NFTs.
??BAYC & OtherSide discords got compromised??
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
“Do not mint through ANY other websites,” the announcement said after linking to the website the hacker used to steal the NFTs. “This is the only official site!” According to data from blockchain security firm PeckShield, one BAYC and two Mutant Apes tokens were stolen in the scam. At the current Ethereum exchange rate, the entire 32 NFT trove is worth approximately $ 256,000.
We’ve reached out to Yuga Labs for comment. The company has yet to share an official statement on the incident – though it quickly locked down the Bored Apes Discord after the scam took place. The server, among a handful of other ones tied to high-profile NFT projects, was also hacked at the start of April when a bad actor compromised the CAPTCHA bot Yuga Labs used to deter spammers.
(44)
