Today, the Discord account of the community manager of the Bored Ape Yacht Club (BAYC) has been hacked, and the attacker took advantage of it to spread a phishing link on the server. In total, 32 non-fungible tokens (NFTs) have been stolen, for an amount of around 256 000 dollars.
The BAYC Discord server hacked
Today, a number of members of the official Discord server of the Bored Ape Yacht Club (BAYC) had the unpleasant surprise of having their non-fungible tokens (NFTs) stolen.
According to the information currently available, it seems that it is the account of the BAYC’s community manager that is at fault, the latter having been hacked. The attacker(s) would then have used his account to spread a phishing link on the project’s Discord server.
According to the current estimates, the amount of the theft would be more than 145 Ethers (ETH), that is to say approximately 256 000 dollars. The users affected by the hack had the misfortune to click on the phishing link published by the official account of the community manager, which sent to a site encouraging them to connect their wallet in order to benefit from an “exclusive gift”.
According to the security firm PeckShield, 32 NFTs from several collections were stolen, including 1 NFT from BAYC, 2 mutant BAYC, 5 NFTs from the Otherdeed metaverse and 1 NFT from the Bored Ape Kennel Club.
BAYC, a prime target for hacks
Unfortunately, the risks of hacks, phishing and scams of all kinds often go hand in hand with the success of this or that project. In this case, BAYC, which is probably the most successful and lucrative NFT project to date, is not the first hack.
Today’s attack is reminiscent of the sad episode at the end of April, similar to today’s in broad terms, during which a hacker managed to take over the official Instagram account of the Bored Ape Yacht Club.
Promising to offer virtual land in the Otherdeed metaverse, the attacker had also submitted a link on the project’s official account, inviting users to connect their MetaMask wallet to the site. The total amount of the loot was around 3 million dollars.
Of course, we can only encourage you to always check the addresses of the sites you are on if you have a wallet on your web browser, especially if you are invited to connect it.
For the time being, no official statement has been issued either by the BAYC teams or by the project’s community manager.