Yuga Labs (Bored Ape Yacht Club NFTs) Discord Breached - 200 ETH Stolen - News Brief


On Saturday, June 4, 2022, "Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack" .... [Sarkar, A. Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack. (Accessed June 5, 2022)]. Yuga Labs has confirmed the magnitude of the loss at 200 ETH ($360,000) even though "news of the hack was first reported by Twitter user NFTherder, who also estimates 145 ETH (around $260,000) was stolen along with the NFTs, tracing the stolen funds back to four separate wallets" [Tan, E. Yuga Labs Confirms Discord Server Hack; 200 ETH Worth of NFTs Stolen. (Accessed June 5, 2022)].

20220605 2.png

After gaining unrestricted access to the employee’s account, scammers shared various phishing links from Vagner’s Discord account into the official BAYC, Mutant Ape Yacht Club (MAYC) and Otherside groups. Many users in the Discord groups, unwary about the ongoing scam, fell for the phishing messages that promised limited-quantity giveaways made available for existing NFT holders — as evidenced by the above screenshot. Concluding the investigation, OKHotshot revealed the wallets that held and transferred the recently compromised NFTs....

[Sarkar. Supra].

It should be noted that this is the second time in the past two weeks that BAYC has been the victim of an exploit. [See Sun, Z. Bored Ape Yacht Club NFTs stolen in Instagram phishing attack. (Accessed June 5, 2022)].

Yuga Labs confirmed the exploit some 11 hours after NFTherder's tweet, in a tweet of its own:

20220605 3.png

An awful lot of finger-pointing is going on behind the scenes:

In response to the incident Saturday, one BAYC founder blamed Discord for the lapse in security. 'Discord isn't working for Web 3 communities', Gordon Goner said in a tweet. 'We need a better platform that puts security first'. However, another crypto project founder blamed the users themselves for compromising their wallets. 'You lost your NFT because you signed a malicious transaction with your key', Steve Fink wrote. 'Stop blaming Discord, another client won't save you from repeating the same mistakes'.

[Tan. Supra].

"200 ETH in NFTs stolen" is actually quite vague, as that sum would buy you only 2 BAYCs. It is therefore implied that the exploit extended beyond BAYC NFTs. "According to Certik, the attack comprised many different NFT projects including Alien Frens, Mutant Ape Yacht Club, Lazy Lions, and Invisible Friends. Though, BAYC 3215 did manage to exchange hands" [Kaczur, J. What You Need To Know About The Yuga Labs Discord Hack. (Accessed June 5, 2022)].

The Certik 'Sky Trace Alert' that was tweeted appears as follows:

20220605 6.png

"Bored Ape Yacht Club told anyone affected by the phishing attack to email them. They also gave a reminder that they, 'do not offer surprise mints or giveaways'" [Tan. Supra].

There is presently a lot of criticism flowing from the BAYC community, coupled with many suggestions for better investor protection. Nonetheless, "the easiest solution unfortunately comes down to using common sense. At the end of the day, a phishing attack only works if you let it work" [Id].
