Yuga Labs, the creator of the popular non-fungible token (NFT) collection Bored Ape Yacht Club (BAYC), alerted the NFT community about a potential threat.
Details of the Possible Threat to NFT Users
In a tweet on late Monday (July 18, 2022), Yuga Labs put out a security alert stating that a threat group could launch an organized hack attempt on multiple NFT communities, and advised holders to be watchful. According to the tweet:
“Our security team has been tracking a persistent threat group that targets the NFT community. We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe.”
The warning comes shortly after attackers hacked the NFT platform Premint. As reported by crypto.news, the Premint team announced the hack on their Twitter page and urged users not to click links and sign any transaction.
Furthermore, the platform said that only a few users were affected, thanks to the warnings from the community. However, an incident analysis from blockchain security firm CertiK on July 17th noted that about six wallets were exploited.
The attacker managed to steal over 300 NFTs, some of them including BAYC, Goblintown, and Otherside, with the total value of the stolen NFTs worth 275 ETH (over $419,000 at the current price).
Following the hacking incident, Premint released a new feature enabling users to connect their wallets to Discord or Twitter and log in to their Premint accounts via any of the two social media.
Yuga Labs’ Many Security Challenges
Meanwhile, it is not the first time Yuga Labs is making such a security warning. Back in June, co-founder Gordon Goner revealed information about a potential attack on the company’s social media accounts. Goner added that the platform would never conduct surprise mints.
Yuga Labs NFT creation BAYC has suffered several hacks in recent times. Shortly before Goner’s warning, attackers breached the platform’s Discord servers for the second time, luring users with a fake giveaway via a malicious link. The first Discord server hack happened earlier in April.
Also, rogue actors hacked BAYC’s Instagram account and posted a scam link which some holders clicked on and consequently led to their NFTs being stolen. The attacker was able to make away with about 24 Bored Apes and 30 Mutant Apes.
Apart from BAYC, the NFT space has been plagued with scam attacks. In may, NFT marketplace giant OpenSea saw its Discord server infiltrated by hackers who promoted a scam NFT token in fake collaboration with YouTube.
The firm also suffered a phishing attack, with the scammers stealing NFTs worth $1.7 million. As a result of the continuous attacks, OpenSea launched a new feature to protect the platform against frauds and hacks.
Earlier in July, another NFT marketplace Quixotic, which runs on Optimism, hackers breached the platform’s contract and drained ERC-20 tokens. Meanwhile, Quixotic assured that affected customers will be refunded.