A Discord server for Yuga Labs, creators of the Bored Ape Yacht Club NFT series, was breached over the weekend. The breach resulted in a phishing attack with over $360,000 in NFTs stolen.
NFT owners often gather in Discord servers to organize and talk about their collection. The server has come under two phishing attacks already this year, making this the third occasion in which the server was breached. Yuga Labs confirmed the news of the scam targeting the Discord server in a tweet, stating it was actively investigating the incident.
The Discord account of a BAYC staffer and project community manager, Boris Vagner, was hacked. The hacked account then posted phishing links in official channels associated with the BAYC Discord server and its metaverse project, Otherside. The compromised account promised targets an exclusive giveaway with a phishing link.
“As a reminder, we do not offer surprise mints or giveaways,” Yuga Labs’ official Twitter account tweeted after the incident. The group has provided an email address for impacted users to report theft. At this time, it’s unclear how the targeted users will be compensated for the NFTs that were stolen. It’s also unclear how Universal Music Group plans to create a digital band out of something that is mostly associated with poor artwork and scams.
Back in April 2022, two similar phishing attacks were executed against the same Discord server. According to the Federal Trade Commission report on Consumer Protection Data, online users have lost a collective $1 billion in crypto to scams since the beginning of 2021. It’s unclear how the community manager’s Discord account was compromised at this time.
Bored Ape Yacht Club Co-Founder Gordon Goner has pointed fingers at Discord. “Discord isn’t working for web3 communities,” the tweet begins. “We need a better platform that puts security first.” Discord is the most popular communication tool among NFT communities, but it’s intended as a gamer-oriented version of Slack.