The official Discord channel of Bored Ape Yacht Club (BAYC), the largest non-fungible token (NFT) collection by market cap, was compromised earlier today, the team behind the project said on Twitter on 1 April.
According to the announcement, an unknown hacker was able to gain access to BAYC’s official Discord channel — which has members from Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club — and post a phishing link disguised as a “stealth NFT mint.” While BAYC’s team noticed the issue immediately, security firm PeckShield noted the hacker was able to steal Mutant Ape Yacht Club #8662 from one user.
Users from other NFT-focused Discord servers — such as Doodles, Shamanzs, and Nyoki — have also reported seeing similar phishing messages. Security researcher Serpent noted on Twitter that the attacks may have been carried out via Ticket Tool, a Discord bot that automatically generates support tickets. The researcher also noted that clicking on the phishing link would result in an illicit script stealing users’ NFTs and wallet information.
This is not the first time malicious actors have used Discord to steal from NFT collectors through phishing links. Last month, newly launched NFT collection Rare Bears revealed its members had fallen victim to a similar incident, and had lost a total of 179 NFTs and other assets with a combined value of around $800,000.