Bored Ape Yacht Club Discord server hacked, NFTs stolen

security
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)

 A manager of the Bored Ape Yacht Club (BAYC) had his Discord account compromised and then used to steal hundreds of thousands of dollars worth of non-fungible tokens (NFT) and Ethereum’s native currency, ether, reports have claimed.

According to CoinDesk, the account of Boris Vagner, BAYCs community manager, was breached, with the hackers behind the attack then using the stolen identity to post phishing links in Discord channels of both BAYC, and Otherside, the company’s related metaverse project.

BAYC is one of the world’s most popular, and most expensive, NFT projects, despite a number of well-publicized security risks and dramatic recent price fluctuations.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Damage report

The attackers also posted phishing links in the Discord server of Spoiled Banana Society, an NFT project Boris runs with his brother, Richard. The message was quickly deleted, and Richard later asked for a damage report from the community:

"Hey @everyone we were hacked an hour ago hopefully no one clicked any links. We’ve got back control of the discord and Boris’s account thank god he didn’t delete the whole server,” he said. “We’ll be getting all the tabs back up in the following days & let us know if there’s anything else he messed with.”

So far, the attack appears to have stolen around 200 Ether worth of NFTs, which equals to roughly $360,000 at current prices. 

Non-fungible tokens are a major trend among cryptocurrency aficionados right now, with some tokens hitting six-digit valuations. This made them an attractive target for cybercriminals who come up with new ways of theft almost daily. 

Less than a month ago, it was discovered that a threat actor impersonated the Pixelmon NFT project, creating the entire website from scratch, and making it look almost identical - save for one crucial difference - it distributed password-stealing malware called Vidar.

Crooks are also posting fake jobs in the NFT industry, trying to get their hands on people’s Ethereum wallets’ private keys, and through those - their valuable NFT collections. 

Via: CoinDesk

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.