Several Discord servers have recently been hacked, including the one used by the Bored Ape Yacht Club. Scammers appear to have taken NFTs worth roughly 200 Ethereum, and one of the creators of the popular BAYC collection is furious.
Phishing hackers continue to defraud NFT collectors, and members of the Bored Ape Yacht Club appear to be among their primary targets.
According to on-chain expert OKHotshot, the hack was carried out by first compromising Boris Vagner, the Yuga Labs community manager’s Discord account. The hackers then took advantage of their unrestricted access to post phishing links on the BAYC, Otherside, and Mutant Ape Yacht Club (MAYC) channels. A total of 200 ETH (equal to $363,000 at press time) was stolen.
The business behind the $4 billion Bored Ape Yacht Club (BAYC) collection, Yuga Labs, said it was looking into the attack. However, Gordon Goner, a BAYC creator, chastised Discord for its lack of security.
“Discord isn’t working for web3 communities. We need a better platform that puts security first.”
Others, on the other hand, feel the incident was caused by BAYC discord users.
OKHotshot said: “Don’t blame Discord for users getting socially engineered, having DMs open, and clicking phishing links. Use the tool correctly first before blaming it.”
Unfortunately, Saturday’s phishing attack is just the most recent in a series of identical phishing attacks that have targeted the NFT community.
Because of the high value of the NFTs, hackers have especially targeted members of the Bored Ape Yacht Club. For example, on April 25, a malicious actor took over BAYC’s official Instagram account and uploaded fake links that tempted followers to pay over $2.7 million in NFTs.
The Bored Ape Yacht Club’s Discord channel had been hacked a few weeks before, and the criminals made off with NFTs from BAYC as well as a variety of other collections.
In general, NFTs have sparked a digital creative revolution. As they grow in popularity, opportunists find new ways to profit at the expense of the NFT community. To avoid becoming a victim of these attacks, users must be vigilant.