Yuga Labs’ Bored Ape Yacht Club (BAYC) NFT marketplace was hacked over the weekend, losing up to 200 ETH ($360,000) in NFTs.
BAYC’s discord server was hacked after its project community manager, Boris Vagner, had his discord account compromised, resulting in hackers posting phishing links to the BAYC website along with its associative metaverse platform.
Twitter user @NFTherder, broke the news of the hack last Saturday, in a tweet seemingly attributing the hack to a lack of ‘permissions’ enabling the attack.
“BAYC & OtherSide discords got compromised. Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen. Proper permissions could prevent this,” stated the Twitter account.
Gordon Goner, Co-Founder of Yuga Labs and BAYC, reaffirmed the sentiment that more security measures are needed to protect discord users.
“Discord isn’t working for web3 communities. We need a better platform that puts security first,” stated Goner.
This is the second time in the last 2 months that BAYC has suffered an attack from hackers, losing up to $2.8 million worth of NFTs last April.
The previous hack was caused due to a bad actor compromising the CAPTCHA bot used by Yuga Labs to prevent spammers.
The BAYC Twitter account assured users they are still investigating the attack in a statement on their account.
“Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating. As a reminder, we do not offer surprise mints or giveaways.”