Yuga Labs has suffered another attack on its Discord server. As a result, hackers managed to steal around $380k worth of Bored Apes NFTs, with the project’s founder later blaming Discord for the lack of security.
Analyst OKHotshot first reported the hack on Twitter, saying that hackers got access to Discord servers after compromising the account of Yuga Labs community manager Boris Vagner.
Intruders used it to post phishing links on official Discord channels of the Bored Ape Yacht Club (BAYC) and its metaverse side project Otherside. They accessed users’ accounts by offering them an exclusive giveaway.
OKHotshot estimated that over 145 ETH (around $275k) was stolen from users. According to a follow-up post by PeckShieldAlert, hackers stole around 32 NFTs, including 1 BAYC, 5 Otherdeeds, 2 MAYC, and 1 BAKC.
For anyone interested here’s my May ‘22 data on Discord breaches
These breaches won’t go away anytime soon so please take proper security measures and stay vigilant https://t.co/Iaovt4GJuW
— OKHotshot (@NFTherder) June 4, 2022
Yuga Labs later confirmed the news, saying that around 200 ETH (around $380k) worth of NFTs were impacted by the hack. “The team caught and addressed it quickly,” the message reads, adding, “As a reminder, we do not offer surprise mints or giveaways.”
BAYC founder Gordon Goner claimed that Discord isn’t working for Web3 communities, saying that “we need a better platform that puts security first.” However, crypto entrepreneur Steve Fink noted that people shouldn’t blame Discord for this.
you didn’t lose your NFT because you used Discord
you lost your NFT because you signed a malicious transaction with your key
stop blaming Discord, another client won’t save you from repeating the same mistakes
— evets.eth ⌐◨-◨ (@stevefink) June 4, 2022
This is the second attack on the BAYC in two months. Earlier this year, hackers compromised the project’s Discord and Instagram accounts, stealing around $13 million worth of NFTs.