A manager of the Bored Ape Yacht Club (BAYC) had his Discord account compromised and then used to steal hundreds of thousands of dollars' worth of non-fungible tokens (NFTs) and Ethereum’s native currency, ether, reports have claimed.
According to CoinDesk, the account of Boris Vagner, BAYC's community manager, was breached. The attackers then used the stolen identity to post phishing links in the Discord channels of both BAYC and Otherside, the company’s related metaverse project.
BAYC is one of the world’s most popular, and most expensive, NFT projects, despite a number of well-publicized security risks and dramatic recent price fluctuations.
The attackers also posted phishing links in the Discord server of Spoiled Banana Society, an NFT project Boris runs with his brother, Richard. The message was quickly deleted, and Richard later asked for a damage report from the community:
“Hey @everyone we were hacked an hour ago hopefully no one clicked any links. We’ve got back control of the discord and Boris’s account thank god he didn’t delete the whole server,” he said. “We’ll be getting all the tabs back up in the following days & let us know if there’s anything else he messed with.”
So far, the attackers appear to have stolen around 200 ether worth of NFTs, which equals roughly $360,000 at current prices.
Non-fungible tokens are a major trend among cryptocurrency aficionados right now, with some tokens hitting six-digit valuations. This has made them an attractive target for cybercriminals, who come up with new methods of theft almost daily.
Less than a month ago, it was discovered that a threat actor had impersonated the Pixelmon NFT project, creating the entire website from scratch and making it look almost identical, save for one crucial difference: it distributed password-stealing malware called Vidar.
Crooks are also posting fake jobs in the NFT industry, trying to get their hands on the private keys of people’s Ethereum wallets and, through those, their valuable NFT collections.
Via: CoinDesk