Phishing for Apes
Bored Ape Yacht Club Discord server compromised... again. Thieves making off with NFTs worth millions.
Early Saturday morning, members of the Bored Ape Yacht Club were greeted with an exclusive giveaway announcement. Unbeknownst to several victims, the announcement was a malicious phishing attempt directing users to a website that drained their accounts.
🚨BAYC & OtherSide discords got compromised‼️
Seems because Community Manager @BorisVagner his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this http
— OKHotshot (@NFTherder)
10:46 AM • Jun 4, 2022
PeckShield, a blockchain security company, later confirmed that 32 different NFTs were stolen. The BAYC Twitter account was slow to respond to the issue, tweeting much later in the afternoon to remind their members that they don't offer surprise mints.
Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at [email protected].
— Bored Ape Yacht Club (@BoredApeYC)
8:16 PM • Jun 4, 2022
A more frequent occurrence
Unfortunately, this isn't the first time BAYC has been compromised. Earlier this year in April, their Discord and Instagram accounts were hacked and used to steal around $13 million worth of NFTs (WatcherNews). This most recent hack was far less severe, but it calls into question the security of many projects. OKHotshot also reported a variety of other projects being affected the same day.
Getting reports that the following #nft Discords were also compromised today. Might not be related to the BAYC breach though. Be careful ⚠️
Camo Chameleon Club
Wibin Wolves
Art of Mob
Not Bored Apes (solana)
Cardania
— OKHotshot (@NFTherder)
11:13 AM • Jun 4, 2022
During the first quarter of 2022, hackers siphoned over $1.2 billion into their own pockets, around 10x more than the $154 million taken in Q1 2021 (Yahoo! Finance). Although crypto prices have seen significant pullbacks since early November, new hacks and exploits are being discovered every week.
Let's take a glance at the top hacks/exploits in recent history:
Ronin Bridge: $615 million
Poly Network: $613 million
Wormhole: $322 million
BitMart: $200 million
BadgerDAO: $150 million
See Chainalysis for a deeper breakdown of hacks
The recent Bored Apes Yacht Club hack is a drop in the bucket compared to other situations, but is a great reminder to protect your digital assets.
Some of the best ways to prevent anything like this from happening:
Never share your private key or recovery phrase with anyone
Double-check the sites your wallet is connected to, to be sure they're the real deal.
Use separate wallets: one for holding crypto/NFTs and another for transacting on dApps.
Although nothing will ever be 100% secure on the blockchain, some key precautions like these may just keep you safe.