The Discord channel of the Bored Ape Yacht Club collection has been hacked. The team confirmed this today in a Twitter post.
According to PeckShield, an unknown hacker gained access to the Discord channel that hosts all three collections by Yuga Labs, namely Bored Ape Yacht Club, Mutant Ape Yacht Club and Mutant Ape Kennel Club. Using a phishing link, the hacker was able to steal MAYC #8662. Additionally, 1 BAYC #3738, 1 MAYC, and two Doodles NFTs belonging to Jay Chou were stolen.
Stolen funds have been transferred to an Ethereum wallet. This wallet has since been reported and labelled as fraudulent.
How the Discord Channel was Compromised
The hacker disguised a phishing link as a stealth NFT mint. A message posted on the Yuga Labs Discord channel encouraged users to claim exclusive ApeCoin rewards by staking Mutant Ape Kennel Club NFTs. Many initially thought it had something to do with April Fools’ Day. Users who followed the link were directed to a fake website, where at least one MAYC was stolen.
The BAYC team announced that it had noticed the compromise of one of its webhooks and was handling the situation. “We are not doing any April Fools Stealth Mint”, the firm announced. It then went on to advise all community members to avoid any stealth mints. The team tweeted:
“STAY SAFE. Do not mint anything from any Discord right now. Other Discords are also being attacked.”
Discord security programmer Serpent noted that the hacker carried out the attack using the Discord bot Ticket Tool. The bot automatically generates support tickets and is installed on many Discord servers. There are indications that similar attempts are being made across multiple collections, including Doodles, Shamanz and Nyoki. Consequently, Serpent went on to advise all users to take down the captcha bot from their servers for safety reasons.
Not a New Method
This isn’t the first time hackers have compromised Discord accounts in a bid to target NFT collectors. A few weeks ago, Rare Bears, a new NFT collection, lost assets worth over $790,000 to phishing attacks through its Discord account. Also, in November 2021, NFT collector Calvin Becerra lost 3 Bored Apes to scammers on Discord.