Yuga Labs witnessed yet another orchestrated phishing attack on Saturday, with investors losing over 200 ETH (around $350,000) worth of NFTs. Furthermore, one of the co-founders lashed out on Discord after the Bored Ape Yacht Club Discord server got exploited.
Yuga Labs is the creator of two of the most popular ape-themed non-fungible token (NFT) projects, Bored Ape Yacht Club and OtherSide. Also, it recently acquired two of the most popular NFT collections from Larva Labs, CryptoPunks and Meebits. However, the community has become a honeypot for hackers and scammers with its rising popularity.
A blockchain detective, OKHotshot, alerted crypto investors about the two compromised official Discord servers linked to BAYC and OtherSide NFTs. According to his investigations, the attack was done by hacking Boris Vagner's Discord account, Yuga Labs' community, and social manager.
Moreover, after gaining unrestricted access to Vagner's account, the scammer used it to share various phishing links. It included the official BAYC, Mutant Ape Yacht Club, and Otherside servers.
Unaware of the ongoing scam, many server members fell for the phishing links, which promised giveaways for existing NFT holders. Finally, OKHotshot revealed the wallets that held and transferred the recently compromised NFTs.
BAYC co-founder Gordon Goner took to Twitter on Saturday, saying Discord, the popular chat app in the Crypto space, "isn't working for Web3 communities." "We need a better platform that puts security first," Gordon added.
"Our Discord servers were briefly exploited today. The team caught and addressed it quickly," BAYC said, acknowledging the Discord exploits on Twitter. "About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at email@example.com."
While Yuga Labs is actively investigating the incident, some crypto community members blamed the hack on BAYC Discord users. OpenAvatar NFT collection founder Cory.eth wrote that users "just need to use the technology better."
Meanwhile, Saturday's exploit wasn't the first time hackers could leverage BAYC's social media channels. Just last month, the BAYC Instagram account was compromised with attackers stealing an estimated $2.8 million. That was also done in a similar way of sharing phishing links that stole NFTs from the user wallets.
In fact, these phishing scams are getting even those well-versed in crypto and NFTs. Most recently, famous digital artist and NFT creator Beeple's Twitter account also got hacked as part of a phishing scam. Also, after falling for a similar scam, DeFiance Founder Arthur Cheong lost $1.7 million worth of NFTs.
Crypto and NFT scams have been on an all-time high in the past few months. However, it serves as a harsh wake-up call for NFT owners to be careful when dealing with third-party platforms. Always make sure to double-check everything before connecting your wallet or entering your seed phrase, even if it looks legit.
To avoid losing your NFTs, check out our guide NFT Counterfeit and Scams: Things You Need To Be Aware Of.