Yuga Labs’ BAYC, Otherside Discord servers hacked, over 145 ETH stolen

Another phishing attack on Yuga Labs occured due to hackers being able to access a compromised social media account to share phishing links to the platform’s followers.
June 06, 2022 - Cynthia Chung

OKHotshot, a Blockchain detective and member of the Crypto Twitter community, revealed another attack of Yuga Labs’ most popular NFTs -  Bored Ape Yacht Club (BAYC) and OtherSide. These phishing attacks took place due to the two NFT collections’ Discord servers, resulting in a loss of over 145 ETH, around US$ 260,000 at the time of writing. 


OKHotshot’s investigation found that the attack was carried out by hacking into the Discord account of Boris Vagner, community and social manager for Yuga Labs. The hackers were then able to send phishing links from Vagner’s Discord account into the official BAYC, Mutant Ape Yacht Club (MAYC) and Otherside groups, luring victims under the pretense of an exclusive NFT giveaway. A total of 145 ETH (32 NFTs) were stolen, including 1 BAYC, 2 MAYC, 5 Otherdeeds, and 1 BAKC NFT.


OkHotshot also revealed the wallet addresses that transferred and stored the stolen NFTs, marking the second time BAYC suffered a hack, just two months prior to this incident. 


‘Hey @everyone we were hacked an hour ago. Hopefully no one clicked any links,’ Vagner wrote in a Discord message at 09:00 UTC. “We’ve got back control of the discord and Boris’s account. Thank god he didn’t delete the whole server.’


Yuga Labs also confirmed the attack afterwards via Twitter, which read ‘Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at discord@yugalabs.io.’


The previous attack saw hackers breach BAYC’s official Instagram page and shared phishing links to a fake airdrop to the NFT project’s followers. Victims who connected their MetaMask wallets to the phishing website were drained of their BAYC NFTs, approximately 100 were stolen. 

Just last week, actor Seth Green came under the spotlight as a new phishing attack victim. His NFT: Green's Bored Ape Yacht Club #8398, which he named Fred Simian was stolen, at the same time, Green lost IP rights to his NFT thus was stripped of the right to use the NFT avatar in the animated series it was set to star in Green’s new show. 


Crypto and NFT investors should be aware of the recent spate of crypto and NFT scams by being careful when dealing with third-party platform and run a background check on any links and platforms even if they appear authentic. 


Photo: Bored Ape Yacht Club



Coinbase claims Apple blocks its wallet app from releasing NFTs

Dec 02, 2022

China activists uses NFTs and IPFS storage to bypass censorship

Dec 01, 2022

OpenSea integrates BNB Chain NFTs

Nov 30, 2022

Candy Digital lays off one-third of its staff

Nov 30, 2022