After breaching a Discord server hosted by Yuga Labs Inc., the producer of leading NFTs such as the Bored Ape Yacht Club, hackers stole cryptocurrency and non-fungible tokens (NFTs).
The attackers gained access to Yuga Labs Community and Social Manager Boris Vagner’s account. The hackers used Vagner’s username to post phishing links in the official BAYC and Otherside Discord channels.
The phishing messages, purportedly from Vagner, promised an exclusive prize, with the caveat that only BAYC, Mutant Ape Yacht Club, and Otherside NFT holders may participate. The holders were then sent to a phishing site where hackers requested them to input their login information. Once hackers obtained the login information, the attackers took all Ethereum and NFTs in the account’s connected wallet. Developers eventually restored Yuga Labs’ access to the Discord server, but not before the hackers had done significant harm.
According to BAYC’s official Twitter account, the stolen NFTs were worth around 200 ETH ($361,000). The perpetrators of the assault stole 145 Ethereum worth around $250,000 and 32 NFTs.
Gordon Goner, a BAYC founder, blamed Discord for the compromise. “Discord isn’t working for Web3 communities,” Gordon tweeted. We require a better platform that prioritizes security.
“There are several servers on Discord dedicated to NFT founders, investors, and aficionados,” Anton P, a security researcher at AtlasVPN, a freemium VPN provider that secures your online connection, said on the company’s official blog. “Unfortunately, Discord hacking is one of the most recent methods for carrying out NFT scams. Hackers get administrator access to Discord servers and broadcast false messages to the communities.”
Yuga Labs Discord hacked before
It is not the first time a Yuga Labs account has been hacked. In a virtually identical incident, the official Bored Ape Yacht Club Instagram account was hijacked in April, resulting in the theft of roughly $3 million in NFTs.
As the number of criminal actors vying for a piece of the multi-million-dollar pie grows in NFT communities, letting users create and verify the ownership of virtual items by documenting their sales and exchanges on blockchains. As a result, NFT-related thefts are becoming increasingly expensive. In most situations, such as this one, people have lost millions of dollars.
According to Top10VPN, a global digital privacy and research firm, NFT attacks cost about $52 million in the first four months of 2022 alone, compared to less than $7 million for 2021.
We continually report on hacks, phishing and consumer scams on this website. Such attacks can result in huge losses. You only have to look at the Axie Infinity hack that netted over $625 million for suspected N. Korean hackers.
Yuga Labs Discord hack will not be the last. We will continue to bring you news of theses attacks as they become known. You can keep up to date with all the latest news.