All Those Apes Gone (Again): Multiple NFT Discords Hacked Including Bored Apes

If you’re a Bored Apes Yacht Club owner – beware of suspicious Discord links. 

The popular NFT project’s Discord got hacked earlier this month, making it one of several hacks that occurred on the platform during that time. 

The attacks appear to involve the compromised accounts of moderators, which were then used to post phishing links that stole their NFTs. 

At least US$600,000 worth of NFTs were stolen – Bored Apes themselves said its users lost about 200 ETH or about US$370,000.

Scammers apparently managed to compromise the Discord account of a Bored Apes community manager, and used it to announce an “exclusive giveaway” to holders of Bored Ape, Mutant Ape or Otherside

To add an extra layer of plausibility, the fake link also had a warning that this was the only official site. 

Unfortunately, when users clicked on it, scammers could then obtain permission to access their NFTs, which  were then flipped and quickly washed through Tornado Cash. 

Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at discord@yugalabs.io.

— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022

11 hours after the hack happened, Yuga Labs – the collective behind Bored Apes – confirmed the exploit occurred and said it was actively investigating. 

The group also reminded users that they did not offer surprise giveaways or mints. 

The latest hack comes at an awkward time for Yuga Labs – the group is preparing to host ApeFest 2022 in New York later this month. 

Discord isn’t working for web3 communities. We need a better platform that puts security first.

— GordonGoner.eth (@GordonGoner) June 4, 2022

Gordon Goner, one of the co-founders of Bored Apes, has blamed Discord for the lapse in security.

The platform has been criticised for having a hacking problem and many of its affected users say its support can vary. 

The Reddit community on Discord is full of threads from users who have had their accounts or servers compromised. 

you didn't lose your NFT because you used Discord

you lost your NFT because you signed a malicious transaction with your key

stop blaming Discord, another client won't save you from repeating the same mistakes

— evets.eth ⌐◨-◨ (@stevefink) June 4, 2022

But another crypto project founder was quick to refute Goner’s claims and wrote that users lost their NFTs because they approved a malicious transaction, suggesting that even if Yuga Labs moved their project onto another platform, the same issues will continue. 

This is the third time in two months Bored Apes users have been targeted – in April, its Instagram and Discord were hacked with scammers getting away with some US$3 million worth of NFTs. 

Well frens it happened to me. Got phished and had 4NFT stolen. @BoredApeYC @opensea @doodles @yugalabs please don’t buy or trade these while I work to resolve:@DarkWing84 looks like you bought my stolen ape- hit me up so we can fix it pic.twitter.com/VL1OVnd44m

— Seth Green (@SethGreen) May 17, 2022

More recently, American actor Seth Green had several of his NFTs stolen in a phishing attack – among them, a Bored Ape that was quickly sold to another person. 

Green eventually coughed up an eye-watering 165 ETH – or about US$297,000 – for the return of Bored Ape #8398. 

The Ape is supposed to be the star of Green’s new show. 

A Chainalysis report said cryptocurrency-based crime hit an all-time high in 2021, with illicit addresses receiving US$14 billion – an increase from US$7.8 billion in 2020. 

*Featured image from OpenSea

By Samantha Chan \ 09:45, 13 June 2022