Bored Ape Yacht Club, Otherside NFTs Stolen via Discord Over the Weekend — How Did It Happen?

The Bored Ape Yacht Club experienced a massive breach again, this time through Discord.

BAYC and the Otherside Metaverse was hacked through its Discord server, which resulted in 32 NFTs being stolen and the loss of more than $257,000 in Ethereum.

On June 4, a phishing scheme using compromised accounts was purportedly posted on the Discord servers used by Yuga Labs. The compromised accounts belonged to a community manager for Yuga Labs.

The Bored Ape Yacht Club Phishing Scam

This phishing scam disguised itself as an exclusive, limited offer for existing BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFT holders. It contained a link to a webpage that allowed a visitor to mint the free NFT.

According to Bleeping Computer, the phishing scam added a sense of urgency by suggesting that only a limited quantity of NFTs were available to be minted. This statement most likely caused visitors to forego their usual precautions and hurry to claim the free giveaway. However, it was actually a scam designed to steal personal information.

The link provided will allow the bad actors to steal a user's data and hack their details to steal their crypto and NFT holdings that are linked through their wallets.

PCMag reported that the Bored Ape Yacht Club was hacked by Boris Vagner, one of its Discord community managers. The hackers used Vagner's account to post the links in the official Discord channels for both the BAYC project and its related metaverse project, Otherside. This allowed the hacker to gain access to the account and carry out the hack.

Twitter user @NFTherder was the first to reveal the hack to the public. NFTherder also estimates that 145 ETH, or approximately $260,000 USD, was taken along with the NFTs, and he was able to trace the stolen assets back to four different wallets. NFTherder also stated, "Proper permissions could prevent this."

In a subsequent tweet of its own, BAYC acknowledged that the vulnerability had been exploited and stated that the company is continuing to conduct an investigation into the matter.

This occurred 11 hours after NFTHerder's tweet about it. BAYC stated in a tweet, "We are still investigating, but if you were impacted, email us at discord@yugalabs.io."

Boris Vagner is the brother of instrumentalist Richard Vagner. The brothers are also known to have co-founded an NFT fantasy football club known as the Spoiled Banana Society (SPS) and a record label known as Metaverse Records.

Previous Hacking Incidents

The BAYC hacking not only stole Ethereum and a couple of NFTs, but it was able to steal multiple kinds of NFTs that were reported to be Bored App Kennel Club, Otherdeed, Mutant Ape Yacht Club, and Bored Ape Yacht Club NFTs.

This phishing scam, as CoinDesk reports, is the third instance in which a malicious actor has successfully impersonated a Yuga Labs-run account in order to steal funds from other users.

The first hacking incident occurred on April 1. The Mutant Ape Yacht Club #8662 was stolen through the use of a phishing link that was posted on the project's Discord. The second hacking incident was done through the official Instagram of BAYC, where a supposed Otherside mint was posted in the phishing scam link.

On April 26, due to the rampant hacking in BAYC's system, the company posted a tweet to warn and remind their community that the company will never announce mints on the BAYC or Otherside Instagram accounts.

BAYC stated, "Only obtain information from our official twitter accounts: @BoredApeYC, @yugalabs, and @OthersideMeta. These will be crossposted on the #announcement channel of BAYC Discord."

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics