Hackers allegedly took more than $257,000 in Ethereum and 32 NFTs after the Yuga Lab’s Bored Ape Yacht Club and Otherside Metaverse Discord services were hacked to launch a phishing scheme. A Yuga Labs community manager’s Discord account was reportedly hacked and used to spread a phishing scheme on the company’s Discord servers.
This phishing scam posed as an exclusive, limited offer for current BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFT holders, and supplied a link to a webpage where visitors could mint the free NFT. The phishing campaign added urgency by claiming that only a limited number of NFTs could be minted, prompting visitors to disregard caution and hurry to mint the freebie.
The page certainly stole all Ethereum and NFTs held in the associated wallet after a user visited the webpage and attempted to mint the giveaway. The blockchain cybersecurity company PeckShield disclosed that nearly 32 NFTs were taken, including those from the Bored App Kennel Club, Bored Ape Yacht Club, Otherdeed, and Mutant Ape Yacht Club initiatives.
Users further claim that the hackers took over 145 Ethereum worth over $250,000 during the phishing assault. A similar phishing scam occurred in April when Yuga Lab’s Instagram account was hacked to push a phishing fraud that resulted in the theft of nearly $3 million in NFTs. Yuga Labs stated that they would never announce mints on Instagram, instead directing people to their Discord servers and Twitter accounts.
“We will also NEVER announce mints on the BAYC or Otherside Instagram accounts first, ever,” read a tweet from the Bored Ape Yacht Club Twitter account. “Only obtain information from our official twitter accounts: @BoredApeYC, @yugalabs, and @OthersideMeta. These will be crossposted on the #announcement channel of BAYC Discord.”
It’s unknown how the community manager’s account was hacked or whether two-factor authentication was turned on, which generally protects against such cyberattacks. Questions concerning the phishing scam have been sent to Yuga Labs, but no response has yet been received.