Bored Ape Yacht Club Discord Channel Compromised

Bored Ape Yacht Club, Doodles, Shamanzs, and Nyoki Discord channels have all been compromised by a hacker, who attempted to use phishing links to steal NFTs.
Security researchers have noted that the attacker most likely used a Discord ticket tool to gain access to the NFT-focused channels.

by Krasimir Buchvarov – April 1, 2022, 11:58 AM

Shutterstock

The official Discord channel of Bored Ape Yacht Club (BAYC), the largest non-fungible token (NFT) collection by market cap, was compromised earlier today, the team behind the project said on Twitter on 1 April.

According to the announcement, an unknown hacker was able to gain access to BAYC’s official Discord channel — which has members from Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club — and post a phishing link disguised as a “stealth NFT mint. While BAYC’s team noticed the issue immediately, security firm PeckShield noted the hacker was able to steal Mutant Ape Yacht Club #8662 from one user.

STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.
— Bored Ape Yacht Club (@BoredApeYC) April 1, 2022

Users from other NFT-focused Discord servers — such as Doodles, Shamanzs, and Nyoki — have also reported seeing a similar phishing messages. Security researcher Serpent noted on Twitter that the attacks may have been carried out via Ticket Tool, a Discord bot that automatically generates support tickets. The researcher also noted that clicking on the phishing link would result in an illicit script stealing user’s NFTs and wallet information.

This is not the first time malicious actors have used Discord to steal from NFT collectors through phishing links. Last month, newly launched NFT collection Rare Bears revealed its members had fallen victim to a similar incident, and had lost a total of 179 NFTs and other assets with a combined value of around $800,000.

Discussion

Related Coverage

Vitalik Says X Account Hacked Via SIM-Swap

Ethereum co-founder Vitalik Buterin has regained his T-Mobile account, which on Saturday was compromised by hackers and used to take over his X account.
On 9 September, hackers used a SIM-swap attack to take over Buterin’s X account, and siphon close to $700,000 in crypto by promoting a fake NFT giveaway.

September 12, 2023, 1:33 PM

Vitalik Buterin Proposes Creating an Ether Mixer

Ethereum co-founder and Vitalik Buterin speaks during TechCrunch Disrupt. 18 September, 2017, San Francisco, California.Steve Jennings/Getty Images for TechCrunch

Kroll Data Breach Compromises FTX, BlockFi Customer Information

A cyber security incident at bankruptcy service provider Kroll has resulted in the exposure of “non-sensitive” customer data for claimants involved in the FTX and BlockFi cases.
Both companies confirmed that account passwords, systems, and funds remained safe, but warned customers to be on the lookout for phishing scams.

Terra Freezes Website, Warns Against Phishing Scams

Blockchain network Terra said its website was compromised by hackers over the weekend, and warned users against ongoing phishing scams.
The platform later froze its website to prevent the hackers from exploiting it, and reminded users to avoid websites with the terra.money domain for now.