Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Зериккен Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack with investors losing over 145 Ether (ETH) or nearly $260,000 at the time of writing.
OKHotshot, a blockchain detective and a member of the Crypto Twitter community, alerted crypto investors about the compromise of two official Discord groups linked to BAYC and OtherSide NFTs.
BAYC & OtherSide келишпестиктери бузулду‼️
Коомчулуктун менеджери окшойт @BorisVagner анын эсеби бузулду, бул шылуундарга фишингдик чабуулду ишке ашырууга мүмкүндүк берди. 145Е ашуун уурдалган
Туура уруксаттар муну алдын алат pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) Май 4, 2022
According to OKHotshot’s investigations, the attack was conducted by hacking into the Discord account of Boris Vagner, community and social manager for Yuga Labs.
After gaining unrestricted access to the employee’s account, scammers shared various phishing links from Vagner’s Discord account into the official BAYC, Mutant Ape Yacht Club (MAYC) and Otherside groups.
Many users in the Discord groups, unwary about the ongoing scam, fell for the phishing messages that promised limited-quantity giveaways made available for existing NFT holders — as evidenced by the above screenshot.
Concluding the investigation, OKHotshot revealed the wallets that held and transferred the recently compromised NFTs, making the second time BAYC fell victim to an attack in two weeks.
Yuga Labs has not yet responded to Cointelegraph’s request for comment.
байланыштуу: NFT owners reminded to be vigilant after 29 Moonbirds were stolen by clicking a bad link
On May 25, a Proof Collective member lost 29 high-valued Ethereum-based Moonbirds NFTs worth $1.5 million amid an ongoing scam.
29 Moonbirds жаңы эле хакерликте уурдалган.
~750e (~$1,500,000) начар шилтемени басуу менен жоголгон.
Ушундай нерселерди коруп журогум ооруйт. Бул шилтемелерди эч качан чыкылдатпоону жана сиз колдонгон базарларды/соода сайттарын белгилөө үчүн эскертүү болсун. pic.twitter.com/7iWO5LMovL
— Cirrus (@CirrusNFT) 25 мүмкүн, 2022
While the total damage around this hack remains unclear, the recent crypto scams are a harsh wake-up call for NFT owners to exercise caution when dealing with third-party platforms, and to double-check anything shared by others, even if they appear trustworthy.
Source: https://cointelegraph.com/news/yuga-labs-bayc-otherside-discord-groups-breached-over-145-eth-stolen