Yuga Labs’ Mailchimp account hacked; firm says NFTs are secure


  • Yuga Labs’ account was hijacked due to a breach of email service provider Mailchimp.
  • The NFTs were secure, Yuga Labs informed its community.
  • The firm tweeted that it continues to investigate the problem.

A recent data breach at the email platform and marketing company Mailchimp led to the account of Yuga Labs being compromised. On January 19, the well-known NFT firm behind Bored Ape Yacht Club, Cryptopunks, Meebits, and other projects tweeted about this.

Even though Yuga Labs acknowledged that it had used the service only occasionally and for “limited purposes,” it still thought it best to make this information public. The firm said that unauthorized actors may have accessed its data, but that no data appears to have been exported.

Additionally, Yuga Labs disclosed that the Mailchimp account’s data only came from a small-scale email campaign. It was unrelated to the actual minting of NFTs.

The business informed the community that it would only contact relevant people using a Yuga Labs email account if it thought their data had been affected. It highlighted the need for consumers to exercise caution.

“We continue investigating this problem and will contact you from Yuga Labs if we suspect your data was affected by the Mailchimp incident,” Yuga Labs tweeted.

In the NFT field, Yuga Labs has innovated with new developments. All owners of BAYC and MAYC will receive a free claim for a Sewer Pass, an NFT collection that the firm just made public.

The business also introduced Dookey Dash, an infinite runner game requiring users to have a Sewer Pass. Naturally, after the announcement, the project’s sales soared. The Sewer Pass NFT collection garnered nearly $6 million in just a few hours.

Mailchimp’s security team found that the compromise happened on January 11. It started acting shortly after, alerting those affected the next day. Numerous clients were impacted in total. This is Mailchimp’s second hack in the last six months. Last time, the attacker employed social engineering to acquire access, and the impacted accounts were mainly tied to bitcoin and finance.