BAYC creator Yuga Labs is facing questions again about its security measures in just less than two months after someone compromised the official Bored Ape Yacht Club Instagram account to steal $2.4 million worth of NFTs. A scammer carried out a phishing attack that netted them 200 Ethereum worth of NFTs In the early hours of June 4th, according to Web3 is Going Great. The hacker reportedly used the official Bored Apes Discord to promote a fake giveaway exclusive to holders of Bored Ape, Mutant Ape and Otherside NFTs after obtaining the login credentials of a community manager.
“Do not mint through ANY other websites,” the announcement said after linking to the website the hacker used to steal the NFTs. “This is the only official site!”. One BAYC and two Mutant Apes tokens were stolen in the scam according to data from blockchain security firm PeckShield. The entire trove is worth more than $357,000 at the current Ethereum exchange rate.
“Our Discord servers were briefly exploited today,” said Yuga Labs. “The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted.” The case is still under investigation as said by the company. The BAYC Discord is among a handful of other servers tied to high-profile NFT projects, which was also hacked at the start of April when a bad actor compromised the CAPTCHA bot Yuga Labs used to deter spammers.