Yuga Labs, the creator of two of the most popular ape-themed NFT offerings — Bored Ape Yacht Club (BAYC) and OtherSide — suffered from another fishing attack. This time their Discord server was hacked, and the attacker made off with 200 ETH ($360,000) worth of NFTs.
The hack took place after the project’s community manager, Boris Vagner, had his Discord account compromised, which the attacker then used to post phishing links in both the official BAYC and its related metaverse project called Otherside’s Discord channels.
First to spot the hack and tweet about it was user NFTherder, who also estimates 145 ETH (around $260,000) was stolen along with the NFTs, tracing the stolen funds back to four separate wallets.
11 hours later Yuga Labs confirmed the exploit occurred, saying it is still actively investigating the incident.
This is the third time a hacker has been able to impersonate a Yuga Labs-run account to steal users’ funds. The first was on April 1 when Mutant Ape Yacht Club #8662 was stolen through a phishing link posted in the project’s Discord, with the second coming on April 25 after Bored Ape Yacht Club Instagram and Discord accounts posted a fake link to an Otherside minting.
In response to the incident, a BAYC co-founder Gordon Goner blamed Discord for the lapse in security.
However, another crypto project founder Steve Fink blamed the users themselves for compromising their wallets.
All the recent crypto scams are a real wake-up call for NFT owners to exercise caution when dealing with third-party platforms and to double-check anything shared by others, even if they appear trustworthy.