Yuga Labs, the creator of leading NFTs such as the Bored Ape Yacht Club is a victim of stolen NFT and cryptocurrency through a Discord server compromise.
The compromise of an account belonging to Yuga Labs Community and Social Manager Boris Vagner is the initial point of the attack. With access to Vagner’s account, phishing links have been posted in both the official BAYC and the Otherside Discord channels.
The phishing messages, pretending to be from Vagner, promised an exclusive giveaway with a message that only those holding BAYC, Mutant Ape Yacht Club, and Otherside NFTs could participate. The holders were then sent to a phishing site that asked users to enter their login details.
Once the login details were handed over, the attackers then stole all Ethereum and NFTs held in the account’s linked wallet. Access to the Discord server was eventually returned to Yuga Labs but not before the damage was done.
Attackers have stolen an estimated 145 Ethereum worth approximately $250,000 and 32 NFTs. The official Twitter account of BAYC states that the stolen NFTs were worth around 200 ETH ($361,000). NFTs allows users to create and verify the ownership of virtual items by recording their sales and trades on blockchains.
This isn’t the first time a Yuga Labs account has been compromised. In a nearly identical attack, hackers obtained access to the BAYC Instagram account in April and then sent out phishing messages with malicious links. NFTs valued at about $3 million were stolen.