Hackers have stolen cryptocurrency and non-fungible tokens (NFTs) after compromising a Discord server run by Yuga Labs Inc., the creator of leading NFTs such as the Bored Ape Yacht Club.
The attackers hacked the account belonging to Yuga Labs Community and Social Manager Boris Vagner. By gaining access to Vagner’s account, the hackers posted phishing links in both the official BAYC and the Otherside Discord channels.
The phishing messages, pretending to be from Vagner, promised an exclusive giveaway with a message that only those holding BAYC, Mutant Ape Yacht Club and Otherside NFTs could participate. The holders were then sent to a phishing site that asked users to enter their login details. Once the login details were handed over, the attackers then stole all Ethereum and NFTs held in the account’s linked wallet. Access to the Discord server was eventually returned to Yuga Labs but not before the damage was done.
The official Twitter account of BAYC reported that the stolen NFTs were worth around 200 ETH or $361,000. those behind the attack stole an estimated 145 Ethereum worth approximately $250,000 and 32 NFTs.
Gordon Goner, one of the founders of BAYC, blamed Discord for the compromise. Gordon tweeted, “Discord isn’t working for Web3 communities. We need a better platform that puts security first.
Anton P, a security researcher at AtlasVPN, a freemium VPN tool that encrypts your online connection, said in the company’s official blog, “There are many servers on Discord dedicated to NFT creators, investors, and enthusiasts. Sadly, Discord hacking is one of the recent techniques for executing NFT scams. Essentially, hackers gain administrator-level access to Discord servers and post fraudulent messages to the communities.”
This isn’t the first time a Yuga Labs account has been compromised. In a nearly identical attack, in April the official Bored Ape Yacht Club Instagram account was compromised, stealing nearly $3 million worth of NFTs.
As NFT communities, that allow users to create and verify the ownership of virtual items by recording their sales and trades on blockchains continues to grow, so too does the number of bad actors hoping for a piece of this multi-million-dollar pie. As a result, NFT-related thefts are getting more and more expensive. In most cases, like this one, people have lost millions.
According to a report by Top10VPN, a global digital privacy and research group, NFT hacks have led to losses of almost $52 million in the first four months of 2022 alone compared with less than $7 million over the whole of 2021.