The Bored Ape Yacht Club (BAYC) NFT was hacked Saturday, losing upwards of about $360,000 worth of NFTs, according to reports. According to data from blockchain security firm PeckShield, one Bored App Yacht Club and two Mutant Apes tokens were stolen in the scam. The hack was the result of a phishing attack that compromised the Discord account of Boris Vagner, the project’s community manager.
The Phishing Attack Occurred Due to Compromised Credentials
After obtaining Vagner’s login credentials, the attacker posted fake links in the Discord channels of the official BAYC and its related metaverse project called Otherside, according to the report. Twitter user NFT herder was first to spot the compromise, tracing the stolen funds to four separate wallets worth an estimated 145 ETH.
Yuga Labs confirmed the phishing attack on the official BAYC Twitter account, reporting that its Discord servers were briefly exploited. “About 200 ETH worth of NFTs appear to have been impacted,” according to the tweet. “We are still investigating, but if you were impacted, email us at [email protected].” This is the second time in less than two months that someone has stolen Yuga Labs NFTs.
Scams in Decentralized Space Have Reached $14 Billion in 2021
According to reports, back in April, a bad actor was able to steal users’ funds after compromising the CAPTCHA bot Yuga Labs used to deter spammers. The company lost over $2.8 million worth of NFTs to the hack. NFT theft has become a concerning trend as of late. In addition to this, scams and thefts in the “decentralized finance space have continued to get worse, reaching $14 billion in 2021.”