According to Yuga Labs, the Bored Ape Yacht Club (BAYC) Chat group was breached on Saturday. The offender made off with 200 ETH worth of non-fungible tokens, which is approximately $360,000.
The Yuga Labs breach occurred after the project’s community manager, Boris Vagner, had his Discord account hacked. The breach allowed the hacker to gain access to the account and commit mischievous acts. The thief used the channel to post phishing links on the official Discord channels for the BAYC. He also attacked a metaverse project called Otherside using the same method.
Twitter user NFTherder was the first to reveal the hack to the public. NFTherder also estimates that 145 ETH (approx USD 260,000) went missing along with the NFTs. Besides, he could trace the stolen assets back to four different wallets.
Yuga Labs acknowledge a breach of their Discord
In an official tweet, Yuga Labs acknowledged that there was a breach. Yet, they stated that the firm is investigating the matter. Yuga Labs made an update 11 hours after NFTHerder’s tweet.
Boris is also his brother’s manager, the Grammy-winning multi-instrumentalist Richard Vagner. Boris and Richard Vagner co-founded an NFT fantasy football club known as the Spoiled Banana Society (SPS). According to Richard, the malicious actor also posted a link to a phishing website on the SPS Discord channel. They later deleted the message. In a published message on the Discord at 9:00 UTC, Richard Vagner said the following.
Hey, @everyone, we were attacked an hour ago. Let us hope no one accessed any links. Both the Discord and Boris’s accounts were successfully recovered, allowing us to continue using them. It is a miracle that he did not delete everything on the server.
Richard Vagner
It is unknown if the attack affected anyone on the SBS channel. Nonetheless, Richard has asked Discord users to provide him with information on the matter. He said that in the coming days, they will be restoring all of the browsers back up. In the meantime, he asked customers to consult them if there is something that he interfered with.
Also, the Vagners are the proprietors of a record label known as Metaverse Records. Richard confirmed the breach of security in the BAYC and Otherside Discords almost affected the SBS Discord.
Breach keeps happening
This is the third instance in which a malicious actor has successfully impersonated a Yuga Labs-run account to wedge theft. The first incident occurred on April 1. The Mutant Ape Yacht Club #8662 went missing through a phishing link posted on the project’s Discord.
Another Yuga Labs incident took place on April 25; the Bored Ape Yacht Club Instagram and Discord accounts posted a fake link to an Otherside minting. Actor Seth Green became a notable example of the phishing scheme that ran in the NFT market last week. Unfortunately, someone was successful in scamming him out of his Bored Ape.
One of the founders of BAYC responded to the situation that occurred on Saturday. He pointed the finger of blame upon Discord for the breach in security. Gordon Goner stated in a tweet that Discord is not working for Web 3 communities. Thus, they are desperate for a better platform that prioritizes safety. But, other founders suggest that clients were at fault for the loss of security in their wallets.
The investors hold that clients approve fake transactions using their keys. Thus, it is unfair to blame Discord squarely. Even if one uses a different client, the mistake they make won’t stop an attack on you. Cases of scams have been on the rise in the NFT space. The scammers have been sustaining attacks in most NFTs. Users need to remain vigilant and desist from clicking links. Fear of missing out should not be a reason for losing every investment one has made.
Source: https://www.cryptopolitan.com/discord-server-hack-yuga-labs-lost-nfts/