SNEAK PEEK
- BAYC Discord server was hacked, with the attacker making off with 200 ETH.
- The attackers stole one BAYC and two Mutant Apes tokens.
- The hack resulted from a phishing attack on the Discord account of Boris Vagner, the project’s community manager.
Bored Ape Yacht Club’s servers were hacked over the weekend, causing a loss of up to 200 ETH, which amounts to $360,000. According to data from blockchain security firm PeckShield, one BAYC and two Mutant Apes tokens were stolen in the fraud.
A possible cause of the breach was a phishing attack on the Discord account of Boris Vagner, the project’s community manager. The attacker used Vagner’s login credentials to post false links in the Discord channels of the official BAYC and its linked metaverse project, Otherside.
The breach was first noticed by Twitter user NFTherder, who traced the stolen assets to four separate wallets worth an estimated 145 ETH.
🚨BAYC & OtherSide discords got compromised‼️
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
Yuga Labs, the creators of BAYC and the Otherside metaverse, confirmed the attack in a tweet.
Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at discord@yugalabs.io.
— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022
While investigating the hack, Yuga Labs warned its potential customers about the contents of these phishing messages. In a tweet, Yuga Labs clarified that it does not offer surprise mints or giveaways.
As a reminder, we do not offer surprise mints or giveaways.
— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022
Vagner is also the manager of his brother, the Grammy-winning multi-instrumentalist Richard Vagner, who co-founded an NFT fantasy football club called Spoiled Banana Society (SBS) with Boris.
Richard said that the attacker posted a phishing link in the SBS Discord channel, though the message was then deleted.
He shared the update in a tweet and asked users to stay safe.
We were hacked an hour ago hopefully no one clicked any links. We’ve got back control of the discord and Boris’s account. Thank god he didn’t delete the server. Bayc & Otherside discord was also hacked pls stay safe 🙏🏼
— Spoiled Banana Society (@SBS_XYZ) June 4, 2022
Richard Vagner further said:
We’ll be getting all the tabs back up in the following days & let us know if there’s anything else he messed with.
In the same SBS Discord message, Richard confirmed that the BAYC and Otherside Discords were also hacked. He wrote, “pls stay safe.”
Responding to the incident that happened on Saturday, one BAYC founder blamed Discord for the lapse in security and tweeted:
Discord isn’t working for web3 communities. We need a better platform that puts security first.
— GordonGoner.eth (@GordonGoner) June 4, 2022
Another crypto project founder, by contrast, blamed the users themselves for compromising their wallets and tweeted:
you didn’t lose your NFT because you used Discord
you lost your NFT because you signed a malicious transaction with your key
stop blaming Discord, another client won’t save you from repeating the same mistakes
— evets.eth ⌐◨-◨ (@stevefink) June 4, 2022