According to Yuga Labs, the Bored Ape Yacht Club (BAYC) Discord server was hacked on Saturday, and the attacker made off with 200 ETH ($360,000) worth of NFTs. Boris Vagner, the project’s community manager, had his Discord account hacked, and the attacker utilised it to send phishing links on both the main BAYC and its linked metaverse project named Otherside’s Discord channels. NFTherder, a Twitter user, was the first to disclose the attack, estimating that 145 ETH (about $260,000) was taken along with the NFTs, and traced the stolen assets back to four different wallets.
Yuga Labs later verified the vulnerability in a tweet of its own, stating that it is currently looking into the matter. It took 11 hours after NFTHerder’s tweet for it to happen. Richard Vagner, a Grammy-winning multi-instrumentalist who co-founded the NFT fantasy football club Spoiled Banana Society (SPS) with Boris, is also managed by Vagner.
This is the third time a bad actor has been able to steal money from Yuga Labs users by impersonating a Yuga Labs account. On April 1, Mutant Ape Yacht Club #8662 was stolen when a phishing link was shared in the project’s Discord, then on April 25, the Bored Ape Yacht Club Instagram and Discord accounts uploaded a bogus link to an Otherside minting.