During the weekend, NFT hackers may have successfully abducted their most high-profile victim of 2022 for the second time this year. According to a member of the cryptocurrency community named OKHotshot, who tweeted this information on June 4, investors in Yuga Labs lost a total of more than $270,000 worth of ETH after their Discord channels were compromised.
🚨BAYC & OtherSide discords got compromised‼️
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
Yuga Labs is the company that is responsible for the Bored Ape Yacht Club (BAYC) and Otherside, which are two of the most well-known initiatives using NFT. According to DappRadar’s calculations, the total trading volume of BAYC has exceeded $2 billion during the whole of the platform’s existence. It holds the sixth spot out of over 13000 different traders who are monitored by the tracker.
OKHotshot’s research revealed that a significant portion of the user population hosted on the company’s servers fell victim to the phishing scheme. When the hackers publicized limited-quantity giveaways on the network, many holders of NFT tokens moved their tokens to fake wallets instead of keeping them in their original wallets. OkHotshot has also disclosed the contents of a number of these wallets to the general public.
PeckShield, a security company, claims that 32 NFTs were taken without permission, some of which came from the Mutan Ape Yacht Club (MAYC), which is an offshoot of the Bay Area Yacht Club (BAYC). At the time that this piece was written, the market value of ETH was around $370,000; however, the security company estimated that the entire loss was closer to $200 worth of ETH.
On the other hand, BAYC has already been the target of an attempt to hack it. According to the reports that were accessible at the time, something in the neighborhood of one hundred NFTs was taken from the project’s Instagram account in April. This information was obtained by accessing the user’s account directly.
The mint is now unavailable for customer service. It seems that someone gained unauthorized access to the BAYC Instagram account. After that, on April 25, BAYC issued a warning via a tweet that users should not mint anything, click on any links, or connect their wallets to anything.
It should not come as a surprise to learn that the BAYC project is not the only one to be singled out in this manner. On May 25, a user made a careless mistake that resulted in the loss of the Moonbirds collection, which consisted of 29 NFTs. These NFTs had a value of $1.5 million before being destroyed. When they were destroyed, however, they were worth nothing. Another $1.7 million worth of cryptocurrencies was taken from OpenSea, which is one of the biggest NFT exchanges in the world, in February.