In a post to his Twitter account, he specifically referred to “surprise mints”, hinting that this would be the likely method of attack from cyber criminals.
The BAYC brand has been under scrutiny for the wrong reasons lately. On June 4th, the BAYC Discord was hacked as the perpetrator lured victims with a phishing scam.
Phishing scams involve cybercriminals posting malicious links to coax the victims into giving their log-on information.
With that personal information, the attacker has the ability to steal whatever NFTs that person has in their wallet.
The attack on Discord was a total of 32 NFTs valued at roughly $360k, which were stolen from blue-chip NFT holders.
Certik, the Web3 and blockchain auditing, and security firm, published an analysis of the attack. They believe that the attacker may have been involved in other similar attacks.
Certik’s report said that the attacker’s phishing site was a “carbon copy of the official project’s website, yet with subtle differences.”
There were no social media links on the site and there was a tab added entitled “claim free land”.
This tab lured some victims to click the phony link, which enabled the attacker to steal some of the BAYC NFTs and then sell them on the secondary market.
BAYC, to their credit, have always reacted swiftly to security breaches. Following the attack on June 4th, they said: “Our Discord servers were briefly exploited today.”
“The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted.”
“We are still investigating, but if you were impacted, email us at firstname.lastname@example.org. As a reminder, we do not offer surprise mints or giveaways.”
The latest Discord breach was not the first time the legendary Apes have been targeted.
Several other high-profile breaches involving Bored Apes have occurred this year.
In January, Tod Kramer said his collection of sixteen BAYC NFTs, worth $2.28 million, had been “hacked”.
Famously, Kramer wrote: “I been hacked. All my apes gone.”
In this instance, Kramer had clicked on a link that appeared to be a genuine NFT DApp (decentralized application). However, it turned out to be a phishing attack leading to the theft of his collection of 16 NFTs.
Eight of those sixteen NFTs were BAYC NFTs valued at around 615 Eth (over $800k). Another seven NFTs were Mutant Ape Yacht Club (MAYC) NFTs. His assets were consequently frozen by Opensea.
When it comes to your NFTs, stay vigilant and aware of phishing scams, which permeate the Web3 space.
As Gordon Goner said, surprise giveaways and mints are never genuine and that rule would likely apply to most projects out there.