On Saturday, May 4, hackers breached the Discord servers of the Bored Ape Yacht Club (BAYC) project and posted phishing links in its communication channels. NFT holders lost digital assets worth 200 ETH (~$359,000).
As a reminder, we do not offer surprise mints or giveaways.
— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022
“Today our Discord servers were briefly exploited. The team quickly detected and resolved the issue. It appears that NFTs worth about 200 ETH were affected. We are continuing the investigation,” the developers wrote.
The incident was first noticed by an analyst who goes by the handle OKHotShot. He noted that the account of BAYC community manager Boris Vagner had been compromised, which enabled the phishing attack.
🚨BAYC & OtherSide discords got compromised‼️
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
Vagner is the founder of Spoiled Banana Society (SBS) — a BAYC holder group that runs a fantasy football league. The attackers also posted malicious links attributed to him in SBS communication channels.
We were hacked an hour ago hopefully no one clicked any links. We’ve got back control of the discord and Boris’s account. Thank god he didn’t delete the server. Bayc & Otherside discord was also hacked pls stay safe 🙏🏼
— Spoiled Banana Society (@SBS_XYZ) June 4, 2022
This is not the first instance of hackers stealing BAYC holders’ assets via phishing links in official communication channels. In April, attackers gained access to the project’s Instagram account — users had 765.3 ETH and 91 NFTs stolen.
In the wake of the incident, BAYC co-founder Gordon Goner said that Discord is not suitable for crypto communities, as it is unsafe.
Discord isn’t working for web3 communities. We need a better platform that puts security first.
— GordonGoner.eth (@GordonGoner) June 4, 2022
“Discord is not suitable for Web 3.0 communities. We need a better platform that puts security first,” he wrote.
Some commentators disagreed. The creator of the OpenAvatar NFT project, known as cory.eth, noted that the BAYC team had taken no measures to protect the Discord server. He proposed publishing all announcements on the blockchain, enabling a bot to repost them to traditional channels.
.@GordonGoner you just need to use the technology better. Hit me up if you want an audit or implementation. https://t.co/zybdI0eICl
— cory.eth (@cory_eth) June 4, 2022
In May 2022, unknown actors hacked the Twitter account of artist Mike Winkelmann, known by the alias Beeple, to post phishing links. Their haul totaled about $438,000 in assets.
