Decoding how attackers managed to compromise BAYC Discord servers yet again
Hackers are as much a part of the crypto ecosystem as investors and traders, and the Bored Ape Yacht Club (BAYC) has proved this time and again. The NFT club reported yet another hack over the weekend through its Twitter feed. This is not the first hack on the BAYC server; the most recent one before it happened in late April. Hacks are becoming a theme in the crypto space, and this is the latest example.
Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at [email protected].
— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022
The BAYC Discord servers were the reported target of a phishing attack in a “brief” exploit. In its tweet, the team reported that around 200 ETH worth of NFTs were stolen from users in the latest attack, which took place on 4 June.
“We are still investigating, but if you were impacted, email us at [email protected],” the BAYC team said, breaking its silence more than 11 hours after the incident. Gordon Goner, co-founder of Yuga Labs, tweeted after the incident that
“Discord isn’t working for web3 communities. We need a better platform that puts security first.”
A detective’s report
Crypto detective OKHotshot tweeted his observations from the attack, warning everyone to be “vigilant”. According to his investigation, the attack was carried out through the account of Boris Wagner, Community and Social Manager at Yuga Labs. This breach gave the hacking group access to the Discord groups of BAYC and OtherSide NFTs.
BAYC & OtherSide discords got compromised‼️
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
How many is too many?
This is the most recent attack on the BAYC servers after the Instagram hack. That earlier hack was a heist of 91 NFTs worth approximately $2.8 million, in which users were lured in by a fake update about a LAND airdrop. As security breaches continue to occur, OKHotshot prepared a list of 70 NFT Discord compromises in May. Of those 70 breaches, 26 occurred through MEE6, which has yet to respond to the increasing attacks on its servers.
In addition to the losses incurred in the breach, BAYC NFT owners have already been suffering from the massive drop in NFT prices. BAYC prices dropped more than 60% in May 2022 alone, given the turbulent economic conditions. The latest breach has also fueled growing FUD sentiment among users, creating further chaos in the community. As many users have pointed out, there is an urgent need to address these breaches straight away.