According to OKHotshot’s investigations, the attack was conducted by hacking into the Discord account of Boris Vagner, community and social manager for Yuga Labs.
Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack with investors losing over 145 Ether (ETH) or nearly $260,000 at the time of writing.
OKHotshot, a blockchain detective and a member of the Crypto Twitter community, alerted crypto investors about the compromise of two official Discord groups linked to BAYC and OtherSide NFTs.
BAYC & OtherSide discords got compromised‼️
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
According to OKHotshot’s investigations, the attack was conducted by hacking into the Discord account of Boris Vagner, community and social manager for Yuga Labs.
After gaining unrestricted access to the employee’s account, scammers shared various phishing links from Vagner’s Discord account into the official BAYC, Mutant Ape Yacht Club (MAYC) and Otherside groups.
Many users in the Discord groups, unwary about the ongoing scam, fell for the phishing messages that promised limited-quantity giveaways made available for existing NFT holders — as evidenced by the above screenshot.
Concluding the investigation, OKHotshot revealed the wallets that held and transferred the recently compromised NFTs, making the second time BAYC fell victim to an attack in two weeks.
Yuga Labs has not yet responded to Cointelegraph’s request for comment.
Related: NFT owners reminded to be vigilant after 29 Moonbirds were stolen by clicking a bad link
On May 25, a Proof Collective member lost 29 high-valued Ethereum-based Moonbirds NFTs worth $1.5 million amid an ongoing scam.
29 Moonbirds were just stolen in a hack.
~750e (~$1,500,000) in value lost by clicking on a bad link.
Sickening seeing stuff like this. Let this be a reminder to never ever click on links and to bookmark the marketplaces/trading sites that you use. pic.twitter.com/7iWO5LMovL
— Cirrus (@CirrusNFT) May 25, 2022
While the total damage around this hack remains unclear, the recent crypto scams are a harsh wake-up call for NFT owners to exercise caution when dealing with third-party platforms, and to double-check anything shared by others, even if they appear trustworthy.