6 June 2022

by Glenn Kaonang

Bored Ape Yacht Club Discord Gets Hacked, Loses $380,000 Worth of NFTs in Phishing Attack

This is the third time scammers successfully stolen BAYC NFTs in two months

Scams and fraud are major problems in the NFT world, and they continue to traumatize people in the ecosystem. Recently, one of the most coveted NFT collections Bored Ape Yacht Club (BAYC) got its Discord server hacked, resulting in a serious amount of high-value NFTs being stolen.

News of the hack was first reported by Twitter user NFTherder. According to the user's investigation, the attack happened shortly after BAYC's community manager, Boris Vagner, had his Discord account compromised. After gaining unrestricted access to Vagner's account, scammers then proceeded to share various phishing links on the official BAYC Discord channel. The attacker also managed to perform the same tricks on the official channels for Mutant Ape Yacht Club (MAYC), and Yuga Labs' metaverse project, the Otherside.

BAYC's Twitter account later confirmed the news, and said that the attacker was able to steal about 200 ETH ($380,000) worth of NFTs. The impact was even worse than what was estimated initially: 145 ETH ($275,000), made of 32 NFTs, including 1 BAYC, 2 MAYC, 5 Otherdeed, and 1 Bored Ape Kennel Club (BAKC), according to data from blockchain security firm PeckShield.

Yuga Labs said that it's currently still investigating the incident, which involved tricking holders into taking part in giveaways and surprise mints. The company reminded people not to fall into this type of deception as it does not offer giveaways or surprise mints.

CoinDesk noted that this is the third time that someone has successfully stolen NFTs by impersonating someone at Yuga Labs. The first was back on April 1, when a bad actor managed to post a phishing link on the official Mutant Ape Yacht Club Discord channel and steal one MAYC NFT. The second one happened on April 25 and had an even greater impact, with claims of more than 50 BAYC and MAYC NFTs being stolen.

Who's to blame for this kind of attack is still up for debate, as the parties involved in it made mistakes of their own. However, BAYC and Yuga Labs cofounder Gordon Goner blamed Discord for not prioritizing security for web3 communities.