Early reports on Twitter that the Bored Ape Yacht Club (BAYC) Discord server had been hacked raised suspicions that it was a prank. It turned out not to be a prank: the hack caused a much more serious issue than a few spam messages.
BAYC Discord Hacked
The official Discord server used to host members of Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club, three of Yuga Labs’ NFT collections, was hacked by an unknown perpetrator. Wallet addresses associated with the phishing attack have been marked as fraudulent after the hackers sent the funds they obtained to those addresses.
The BAYC team confirmed via Twitter that their Discord server was compromised. During the attack, the hackers were able to steal a valuable item from the club, a Mutant Ape Yacht Club (MAYC) NFT.
Although the NFTs in the club’s collection were listed at a floor price of 23.6 ETH, NFT 8862 was offered at a lower price of 21.3 ETH. The community only recognized that the situation was serious after this theft happened.
The problem wasn’t limited to BAYC; another NFT collection, Doodles, experienced a similar issue with its Discord server. It is estimated that 1,000 spambots flooded the server’s ‘General chat’ channel with messages directing users to mint NFTs.
As it turned out, it wasn’t the first time Doodles had been compromised. A hacker managed to penetrate the collection’s Discord server not too long ago, on February 27. However, the team quickly dealt with the issue and secured Discord.
How the Hack Occurred
Serpent, a Twitter user, claims to have found the cause of the hack, although the BAYC team has yet to confirm it officially. In Serpent’s opinion, the Ticket Tool was the real culprit behind the hack. The user also stated that the Captcha Bot had been hacked and that inside information obtained from the hackers revealed they had stolen the source code.
At this point, BAYC has only issued a precautionary message to its Discord members, urging them to be cautious of messages shown on the Discord server, saying, “STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.”
Discord Hacks on NFT Projects Are Becoming Popular
A common route for hackers to carry out phishing attacks on NFT collectors is to compromise Discord accounts. Two NFT projects, Fractal and Monkey Kingdom, were victims of the same attack in December. Both projects’ teams engaged with their communities through their Discord chat servers. On the day of their presales, both projects planned to distribute rewards to their community members.
Both projects had claimed that a limited edition NFT would be given to their supporters. Unfortunately, those who followed the link had their wallets secretly drained. Fractal and Monkey Kingdom posted messages on their respective platforms in less than an hour, stating that their servers had been hacked. About $150,000 worth of cryptocurrency was taken from Fractal by the scammers. An estimated total of $1.3 million was reported for Monkey Kingdom.
NFT projects are especially vulnerable to this type of attack due to their fast sell-out times, making them hard to resist. As a result, early adopters are more likely to act quickly once they see an announcement on Discord that gives them an edge. In turn, it enables scammers to leverage fake messages to devastating effect.