The Bored Ape Yacht Club (BAYC) Discord server suffered yet another exploit this weekend. This time the attackers made off with Non-Fungible Tokens (NFTs) valued at about 200 Ethereum (ETH), as confirmed in a tweet by Yuga Labs.
A Twitter user with the handle OKHotshot first reported the theft. BAYC confirmed it about 9 hours later in another tweet.
Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at email@example.com.
— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022
It added that affected users should email firstname.lastname@example.org, as investigations are still underway.
How the BAYC Discord Exploit Happened
As per the tweet by OKHotshot, a detective in the crypto community, the exploit was carried out through the Discord account of Boris Wagner, the NFT club’s Social Manager.
The compromised Wagner profile gave the attackers access to the Discord channel of BAYC and OtherSide. The attackers then posted phishing links disguised as a free mint for BAYC users.
Users who clicked the links reportedly had their assets stolen. About 32 NFTs in total were lost in the exploit.
Other Discord Attacks
This attack is not the first for the blue-chip NFT collection. Its Discord server and Instagram accounts were also hit twice in April. The attackers carted away users' prized assets on both occasions.
Likewise, the popular play-to-earn NFT game Axie Infinity experienced an attack on its Discord server last month, which led to the breach of its MEE6 bot. Popular NFT marketplace OpenSea investigated an attack targeted at its Discord channel back in May.
Several BAYC members have since taken to Twitter to register their displeasure about the repeated attacks.
Many of the users advise BAYC to invest in a full-time security manager. There is also a need to address the incessant attacks immediately.
Social media platforms like Discord have over time been a ready tool for hackers. They have been used to steal from NFT owners through the compromised accounts of project admins.
Yuga Labs Co-founder Gordon Goner voiced his dissatisfaction with Discord as a tool for the Web3 community.
He added that there is a need for a better platform that prioritizes security. While there is still a long way to go in improving safety, users should be careful when clicking links.