Over the weekend, the Discord server of the popular NFT collectible Bored Ape Yacht Club (BAYC) was compromised, leading to the loss of about 200 ETH (approximately $360,000) worth of NFTs.
The hack resulted from a phishing attack on the Discord account of Boris Vagner, the project's community manager. According to data from blockchain security firm PeckShield, one BAYC and two Mutant Apes NFTs were stolen in the attack.
Bored Ape creator Yuga Labs announced the incident on Twitter a few hours after it occurred. The project's developers described the attack as a “brief” exploit, while insisting that an in-house investigation is currently underway.
Yuga Labs' co-founder Gordon Goner followed up the announcement with a tweet questioning the security measures employed by Discord.
Twitter user NERFherder was the first to report the breach. At that time, NERFherder said the stolen amount was 145 ETH ($260,000), traceable to four separate wallets. NERFherder later pushed back on Goner's criticism of Discord, saying:
“Don’t blame Discord for users getting socially engineered, having DMs open and clicking phishing links. Use the tool correctly first before blaming it.”
BAYC is one of the hottest NFT projects in circulation, making it an enticing target for cybercriminals. In April, the official Instagram account of the BAYC collection was compromised and a malicious link was shared via the channel, misleading users who eventually had their NFTs stolen. The hack cost the corporation almost $2.8 million in NFTs.
Likewise, an OpenSea UX bug caused several BAYC holders, along with holders of other top NFT projects, to lose their collectibles at cheap prices.