An attacker got hold of Bored Ape NFTs worth 200 ether ($359,000) after the project-owned server was hacked on Saturday.
In a tweet published 11 hours after the attack, Yuga Labs, the parent company of Bored Ape Yacht Club (BAYC), confirmed the amount stolen. An on-chain analyst and Twitter user, @NFTherder, who first pointed to the attack, revealed that the malicious actor was able to get past the security of the Discord channel that belonged to Boris Vagner, the project manager of BAYC.
In the tweet, Yuga Labs confirmed that their Discord server was exploited. The team quickly caught the exploit and addressed it. The tweet further mentioned that approximately 200 ETH worth of NFTs were impacted by the attack. “We are still investigating,” it added.
After successfully attacking the Discord server, the bad actor was able to post a phishing scam while pretending to be Vagner, tricking Bored Ape collectors into clicking a malicious link and transferring their NFTs to the attacker's address, NFTherder stated.
As per a tweet that praised the founders at Bored Apes and Yuga Labs, Vagner was promoted to social and community manager in February.
Many people on social media platforms are asking what happened in the attack and raising questions about the project’s security. The attacker most probably obtained a Discord ID token from a targeted victim and was therefore able to carry out the attack even with two-factor authentication in place as a security measure.
Another theory in circulation is that Vagner’s Discord ID token, which is used to log in repeatedly on a local device without verifying one’s identity again, was also compromised, and that the bad actor used it to get access to Vagner’s account.
This is the third time that BAYC has been hacked. On April 1st, a Mutant Ape Yacht Club NFT was stolen through a phishing link on Discord. Just four weeks later, BAYC’s Discord and Instagram accounts were hacked when a fake link to a copycat website tricked users into giving up NFTs worth millions of dollars.
Several Twitter users showed their frustration at the repeated attacks and the lack of proper security.
Source: https://www.thecoinrepublic.com/2022/06/05/another-attack-on-bayc-discord-channel-hacked-nfts-worth-200-eth-affected/