Privacy Ninja

Bored Ape Yacht Club, Otherside NFTs Stolen in Discord Server Hack

Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after Yuga Labs’ Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam.

Earlier this morning, the Discord account for a Yuga Labs community manager was allegedly hacked to post a phishing scam on the company’s Discord servers.

This phishing scam pretended to be an exclusive, limited giveaway for existing BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFT holders, which included a link to a webpage that allowed a visitor to mint the free NFT.

As you can read below, the phishing scam added a sense of urgency, stating that only a limited number of NFTs were available to be minted, which likely pushed visitors to abandon caution and rush to mint the free giveaway.

Phishing post on BAYC Discord Server
Source: OKHotshot

Once a user visited the page and attempted to mint the giveaway, the page likely stole all Ethereum and NFTs held in the linked wallet.

According to blockchain cybersecurity firm PeckShield, approximately 32 NFTs were stolen, including those from the Bored Ape Yacht Club, Otherdeed, Bored Ape Kennel Club, and Mutant Ape Yacht Club projects.

List of NFTs stolen through the phishing scam
Source: PeckShieldAlert

Users also report that the hackers stole over 145 Ethereum during the phishing attack, worth approximately $250,000.

In April, a similar phishing attack occurred after Yuga Labs’ Instagram account was hacked to promote a phishing scam that allowed approximately $3 million worth of NFTs to be stolen.

At the time, Yuga Labs announced that they would never announce mints on Instagram, and users should only rely on posts from their Twitter accounts and Discord servers.

“We will also NEVER announce mints on the BAYC or Otherside Instagram accounts first, ever,” read a tweet from the Bored Ape Yacht Club Twitter account.

“Only obtain information from our official twitter accounts: @BoredApeYC, @yugalabs, and @OthersideMeta. These will be crossposted on the #announcement channel of BAYC Discord.”

It is unclear how the community manager’s account was compromised and if two-factor authentication was enabled, which usually prevents these attacks.

BleepingComputer has contacted Yuga Labs with questions about the phishing attack but has not received a response at this time.
