Yuga Labs, the developer of the popular ape-themed NFTs known collectively as the Bored Ape Yacht Club (BAYC), fell victim to a phishing attack after threat actors gained access to one of their official Discord servers.
According to an investigation led by NFT analyst and blockchain detective OKHotshot, scammers hacked into the Discord account of the BAYC’s community and social media manager and conducted the attack on unaware investors.
Posted on Saturday, the scam claimed to be an exclusive BAYC and Otherside giveaway for existing NFT holders which allowed them to mint free nonfungible tokens.
“We have some exciting news to share to all of you especially all of our BAYC, MAYC, AND Otherside Holders,” read the fraudulent message.
“We are releasing ANOTHER exclusive giveaway to all of our holders listed above! Please note that there’s only a limited quantity, if you are a holder and you were too slow to get one and unfortunately did pay a high gas fee, we proceed for the next coming days. (Just be patient!),” the scam message added.
Visitors would then access the phishing link embedded in the Discord post and have their funds stolen. According to user reports, the threat actors stole over 145 Ethereum or around $250,000.
A similar incident was reported in April, when hackers took over BAYC’s official Instagram account and deceived investors out of $3 million worth of NFTs.
While the extent of the phishing attack is not yet known, the BAYC said that about 200 ETH worth of NFTs was stolen.
“Our Discord servers were briefly exploited today,” the BAYC tweeted on Saturday. “The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating.”
Additionally, the NFT developers reminded investors that they do not offer surprise mints or giveaways.