Because it is one of the most popular and expensive NFT collections globally, the Bored Ape Yacht Club is constantly the target of hackers and thieves. From individual NFT owners having their assets stolen to the collection’s official channels being targeted, it seems the attacks never stop coming.
The latest attack, unfortunately, saw the Bored Ape Discord server hacked and several NFTs stolen as a result. This comes just weeks after the Discord server suffered a previous attack that also saw some assets stolen.
A Second Strike
The official Yuga Labs Twitter account confirmed the attack on June 4, 2022, in a tweet that said, “Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at [email protected]”
The attack took place after Boris Vagner, the community manager for the Bored Ape Club, had his Discord account compromised. After this happened, fraudulent phishing links were posted on the official server for the Bored Ape Yacht Club, as well as Otherside, Yuga Labs’ metaverse project.
In the message posted by the hacker, it was claimed that following the success of the Otherside NFT sale, Yuga Labs was holding a giveaway to reward the community. A link was also added that claimed to let users mint their free NFT.
Image source: @NFTherder on Twitter
But as these scams often go, anyone who clicked the link compromised their wallet, and any assets within it could be stolen. Unfortunately for the community, it has been estimated that about 200 ETH (roughly $360,000) was stolen in this attack.
Eventually, Yuga Labs was able to regain control of their Discord servers and delete the fraudulent messages.
“Hey @everyone we were hacked an hour ago hopefully no one clicked any links. We’ve got back control of the discord and Boris’s account thank god he didn’t delete the whole server. We’ll be getting all the tabs back up in the following days & let us know if there’s anything else he messed with,” said Richard Vagner, the brother of Boris Vagner, the community manager.
Where Does the Industry Go From Here?
Shortly after the news of the attack broke on social media, many NFT lovers expressed frustration at a second attack in the span of a few weeks, with some even suggesting that Discord be abandoned as a messaging channel for web3 projects.
Whether or not that actually happens, this, once again, brings up the topic of security within the NFT space. As Richard pointed out, the hacker could have deleted the entire BAYC server as well as stealing people’s NFTs.
NFT users have been sensitized in the past about not clicking random links from untrusted sources, but what happens when the link is shared by your own community manager?
Clearly, something needs to change, lest these attacks become even more common.