If you’re a Bored Apes Yacht Club owner – beware of suspicious Discord links.
The popular NFT project’s Discord got hacked earlier this month, making it one of several hacks that occurred on the platform during that time.
The attacks appear to involve the compromised accounts of moderators, which were then used to post phishing links that stole their NFTs.
At least US$600,000 worth of NFTs were stolen – Bored Apes themselves said its users lost about 200 ETH or about US$370,000.
Scammers apparently managed to compromise the Discord account of a Bored Apes community manager, and used it to announce an “exclusive giveaway” to holders of Bored Ape, Mutant Ape or Otherside
To add an extra layer of plausibility, the fake link also had a warning that this was the only official site.
Unfortunately, when users clicked on it, scammers could then obtain permission to access their NFTs, which were then flipped and quickly washed through Tornado Cash.
11 hours after the hack happened, Yuga Labs – the collective behind Bored Apes – confirmed the exploit occurred and said it was actively investigating.
The group also reminded users that they did not offer surprise giveaways or mints.
The latest hack comes at an awkward time for Yuga Labs – the group is preparing to host ApeFest 2022 in New York later this month.
Gordon Goner, one of the co-founders of Bored Apes, has blamed Discord for the lapse in security.
The platform has been criticised for having a hacking problem and many of its affected users say its support can vary.
The Reddit community on Discord is full of threads from users who have had their accounts or servers compromised.
But another crypto project founder was quick to refute Goner’s claims and wrote that users lost their NFTs because they approved a malicious transaction, suggesting that even if Yuga Labs moved their project onto another platform, the same issues will continue.
This is the third time in two months Bored Apes users have been targeted – in April, its Instagram and Discord were hacked with scammers getting away with some US$3 million worth of NFTs.
More recently, American actor Seth Green had several of his NFTs stolen in a phishing attack – among them, a Bored Ape that was quickly sold to another person.
Green eventually coughed up an eye-watering 165 ETH – or about US$297,000 – for the return of Bored Ape #8398.
The Ape is supposed to be the star of Green’s new show.
A Chainalysis report said cryptocurrency-based crime hit an all-time high in 2021, with illicit addresses receiving US$14 billion – an increase from US$7.8 billion in 2020.
*Featured image from OpenSea
By Samantha Chan \ 09:45, 13 June 2022