The famous Bored Ape Yacht Club’s (BAYC) discord account was compromised over the weekend, leading to a loss of up to 200 ETH, or around $360,000. According to information from blockchain security company PeckShield, the scam used one BAYC and two Mutant Apes tokens.
The fraudsters stole multiple NFTs totaling 200 ETH ($358,962) by using a malicious link disguised as a giveaway.
The hack occurred due to a phishing assault on Boris Vagner, the project’s community manager’s Discord account. The attacker exploited Vagner’s login details to publish fake links on the official BAYC and its associated Web3 project, Otherside’s Discord channels.
NFTherder, a Twitter user, was the first to uncover the compromise, tracking the stolen funds to four different wallets totaling an estimated 145 ETH (approximately $260,000).
Vagner also manages his brother, Grammy-winning multi-instrumentalist Richard Vagner, who co-founded the NFT fantasy football club Spoiled Banana Society (SPS) with Boris. According to Richard, the attacker also uploaded a phishing link on the SPS Discord channel, but the message was later removed.
Yuga Labs verified the attack on the official BAYC Twitter account, claiming that its Discord servers were momentarily compromised. “Around 200 ETH worth of NFTs seem to have been affected, “according to the tweet. “We are still researching, but if you were affected, please contact us at firstname.lastname@example.org.” It did so 11 hours following NFTHerder’s tweet.
This is the second time that Yuga Labs NFTs have been stolen in less than two months. According to the Fortune story, a bad actor was able to grab consumers’ funds in April after hacking the CAPTCHA bot Yuga Labs employed to dissuade spammers. The breach cost the corporation more than $2.8 million in NFTs (non-fungible token).
When someone successfully tricked actor Seth Green out of his Bored Ape Yacht Club NFT last week, he became a notable example of phishing attempts widespread in the NFT market.
The community is now questioning the integrity of the biggest and most popular NFT collection.
Yuga Labs is presently investigating the breach and is advising potential clients about the contents of these phishing scams: “As a reminder, we do not offer surprise mints or giveaways,” Yuga Labs tweeted.
Author: To The Verge Team
Our aim is to chase the future, innovations, and the latest trends of all things tech. We love to interact with industry experts, understand their diverse and unique perspectives, and spread their ideas.