‘Bored Ape’ NFTs worth $360,000 stolen after buyers clicked on a fake giveaway

The hackers used a phishing link posted in the Discord server after breaching the account of a community manager

Adam Smith
Monday 06 June 2022 11:59 EDT
Comments
(Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Bored Ape Yacht Club (BAYC) Discord server was hacked last weekend 200 ETH ($360,000) worth of NFTs stolen.

“Our Discord servers were briefly exploited today. The team caught and addressed it quickly”, the official BAYC account tweeted on 4 June.

“As a reminder, we do not offer surprise mints or giveaways”, it wrote in a follow up.

According to data from blockchain security firm PeckShield, one BAYC and two Mutant Apes tokens were stolen in the scam.

The scam was conducted via the alleged hack of Yuga Labs community manager Boris Vagner’s Discord account. Once in control of the account, the hackers claimed that the group was offering an exclusive giveaway with a link to a phishing site.

Once users visited the site and attempted to mint the NFT, it is likely that their cryptocurrency was stolen.

Around 32 NFTs were stolen, including those from the Bored Ape Yacht Club, Otherdeed, Bored App Kennel Club, and Mutant Ape Yacht Club projects, blockchain cybersecurity firm PeckShield.

"Hey @everyone we were hacked an hour ago hopefully no one clicked any links,” Richard Vagner said in a Discord message at 09:00 UTC, according to Fortune.

“We’ve got back control of the discord and Boris’s account thank god he didn’t delete the whole server.”

The Independent has reached out to Yuga Labs for comment.

NFTs, and specifically the Bored Ape Yacht Club, has been the target of numerous attacks. Last month, its official Instagram account was compromised. “There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything,” the group wrote in a tweet.

Blockchain records show that an address thought to belong to the hacker received 134 NFTs within the space of a few hours, according to Motherboard. It is unclear how the account was compromised.

Before that, one NFT collector had $2.2 million worth of ape images stolen by hackers after falling for a phishing link. 

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in