Bored Ape Discord Compromised Once Again: Creator Points Out Poor Security
KEY POINTS
- The Discord groups of BAYC, MAYC and Otherside were attacked; 145 ETH were stolen
- The Discord account of Boris Vagner was used to promote phishing links
- In April, the official Instagram of BAYC was also attacked
The Discord channels of Bored Ape Yacht Club (BAYC) and Otherside were compromised, according to Twitter posts from OKHotshot (@NFTherder), a non-fungible token on-chain analyst who conducts NFT audits and covers Discord security. The attackers also made away with over 145 Ether.
The Discord group attack on BAYC, a collection of 10,000 Bored Ape NFTs, and Otherside, a gamified metaverse consisting of 55,000 “Otherdeeds" NFTs, were pointed out by OKHotshot on Saturday at 6:46 am ET.
As per the blockchain detective's investigations, the Discord groups were attacked because hackers were able to gain access to the Discord account of Boris Vagner, community and social manager for Yuga Labs, the creator of the two NFT projects.
"Proper permissions could prevent this," said OKHotshot.
After gaining unrestricted access to Vagner's account, the attackers shared various phishing links from Vagner’s Discord account to the official BAYC, Mutant Ape Yacht Club (MAYC) and Otherside Discord groups. As per screenshots shared by OKHotshot, the hackers promised "another exclusive giveaway" from the creators of the NFT projects.
Gordon Goner, the pseudonymous co-founder and creator of Yuga Labs, the parent company of BAYC, MAYC, and Otherdeeds NFT collections, expressed his views prior to the attack and said that "Discord isn’t working for web3 communities."
Many Discord users who were unaware of the ongoing scams being executed through Discord fell for the fake giveaways and connected their wallets with the phishing links, losing their funds in the process.
This is one of the many Discord-based attacks launched on NFT communities on the platform.
In April, the official Instagram of BAYC was hacked and used to spread fake giveaway links in a similar manner. The attack was planned in line with the one-year anniversary of BAYC so that the giveaway seemed credible to followers. Twitter accounts pointed out that over 100 NFTs were stolen.
© Copyright IBTimes 2024. All rights reserved.