According to reports, the Bored Ape Yacht Club (BAYC) NFT was hacked on Saturday, resulting in the loss of up to 200 ETH (about $360,000) in NFTs. One BAYC and two Mutant Apes tokens were taken in the fraud, according to data from blockchain security firm PeckShield.
Fortune reported that the hack was the result of a phishing attack that compromised the Discord account of Boris Vagner, the project’s community manager. After obtaining Vagner’s login credentials, the attacker posted fake links in the Discord channels of the official BAYC and its related metaverse project called Otherside, according to the report.
Twitter user NFTherder was first to spot the compromise, tracing the stolen funds to four separate wallets worth an estimated 145 ETH (around $260,000), according to the report.
Yuga Labs confirmed the hack on the official BAYC Twitter account, reporting that its Discord servers were briefly exploited. “About 200 ETH worth of NFTs appear to have been impacted,” according to the tweet. “We are still investigating, but if you were impacted, email us at discord@yugalabs.io.”
This is the second time in less than two months that someone has stolen Yuga Labs NFTs. According to the Fortune report, back in April, a bad actor was able to steal users’ funds after compromising the CAPTCHA bot Yuga Labs used to deter spammers. The company lost over $2.8 million worth of NFTs to the hack.
NFT theft has become a concerning trend as of late. According to VICE, scams and thefts in the “decentralized finance space have continued to get worse, reaching $14 billion in 2021.” Another recent example: Actor Seth Green had several of his NFTs stolen last week, including a Bored Ape that was supposed to star in his new TV show. As of this writing, Green is now collaborating with the Twitter user who bought his stolen NFT to prosecute the thief.
Yuga Labs is still investigating the compromise and is warning potential customers about the contents of these phishing messages: “As a reminder, we do not offer surprise mints or giveaways,” Yuga Labs tweeted.