Yuga Labs reports that the Bored Ape Yacht Club (BAYC), Discord Server was hacked and the attacker made off with 200 Ethereum ($360,000) worth NFTs.
The hack took place after the project’s community manager, Boris Vagner, had his Discord account compromised, which the attacker then used to post phishing links in both the official BAYC and its related metaverse project called Otherside’s Discord channels.
Twitter user NFTherder reported the hack first. NFTherder also estimated that 145 Ethereum (about $260,000) was taken along with the NFTs. He traced the stolen funds back through four wallets.
Vagner is also the manager of his brother, the Grammy-winning multi-instrumentalist Richard Vagner, who co-founded an NFT fantasy football club called Spoiled Banana Society (SPS) with Boris. Richard stated that the attacker posted a phishing message in the SPS Discord channel. However, the message was later deleted.
“Hey @everyone we were hacked an hour ago hopefully no one clicked any links,” Richard Vagner said in a Discord message at 09:00 UTC. “We’ve got back control of the discord and Boris’s account thank god he didn’t delete the whole server.”
Richard has asked for information from Discord members about the attack. However, it is unclear if any SBS channel employees were affected.
“We’ll be getting all the tabs back up in the following days & let us know if there’s anything else he messed with,” he said.
Metaverse Records is also owned by the Vagners. In the same SBS Discord message Richard independently confirmed that the BAYC and Otherside Discords were also “hacked.”
“pls stay safe,” he wrote.
This is the third time a bad actor has been able to impersonate a Yuga Labs-run account to steal users’ funds. The first was on April 1 when Mutant Ape Yacht Club #8662 was stolen through a phishing link posted in the project’s Discord, with the second coming on April 25 after Bored Ape Yacht Club Instagram and Discord accounts posted a fake link to an Otherside minting.
Discord was blamed by one BAYC founder for Saturday’s security breach.
Gordon Goner tweeted that discord wasn’t working for Web 3 communities. “We need to find a better platform that prioritizes security.”
However, another founder of a crypto project has emerged blamed the users themselves for compromising their wallets.
Steve Fink wrote that “You lost your NFT due to a malicious transaction you made with your key,” Stop blaming Discord. Another client won’t stop you from making the same mistakes again.”