Key facts:
The attack came about through a hack of BAYC’s servers on Discord.
According to analyst OKHotshot, they spoofed the identity of BAYC’s community manager.
Yuga Labs, creator of the Bored Ape Yacht Club (BAYC) non-fungible tokens (NFTs) and the OtherSide metaverse, was the victim of a second hack in two months. On this occasion, the attack caused the loss of several collectibles valued at 200 ethers (ETH), equivalent to USD 350,000, although different versions are handled on this aspect.
The attack was detected by the Onchain analyst, OKHotshot, who sent a message on the social network Twitter, alerting what had happened. In a first tweet he indicated that BAYC and OtherSide’s Discord accounts were compromised.
OKHotshot commented that apparently hackers breached the account of Boris Vagner, community manager of BAYC.
“We are launching another exclusive giveaway for all BAYC, MAYC and Otherside NFT owners. Since Otherside was one of our biggest successes, both for our team and for all our holders who currently own one, we decided to throw one last gift to the holders as a token of our appreciation, “this was part of the message sent by the attackers.
The post was accompanied by a link of phishing which led to a fake websitewhere the theft of NFTs occurs.
According to blockchain analytics firm PeckShield, they were stolen 32 NFT, including 1 BAYC, 2 MAYC, 5 Otherdeed, 1 BAKC.
It is important to note that the phishing It consists of the online impersonation of an authority, company, website or even someone. Its main goal is to trick the victim into revealing their confidential information. In this way, an attacker could access the accounts or wallets and steal the victim’s funds, as defined by the CriptoNoticias Criptopedia.
The company acknowledged the attack
Hours after the OKHotshot alert, the company recognized that their Discord servers were attacked.
“The team caught him and quickly tackled him. It seems that about 200 ETH in NFT has been affected. We’re still investigating, but if you were affected, please email us at [email protected].”
This is the second attack against Yuga Labs in two months, the first was reported by CriptoNoticias last April. On that occasion, the official BAYC Instagram account was hacked by publishing a malicious link that allowed the theft of 91 digital pieces.
Something that is also similar to the April attack was that it was carried out through phishingat the time a link to a fake BAYC website, promising a air drop. Users were required to sign a transaction after which all of their assets were transferred to a wallet controlled by the attacker.
Between the April attack and the one currently reported, Yuga Labs has faced losses of as much as $2,500,000.