Hackers have stolen cryptocurrency and non-fungible tokens (NFTs) after compromising a Discord server run by Yuga Labs, the creator of leading NFTs such as the Bored Ape Yacht Club (BAYC) and the Mutant Ape Yacht Club (MAYC). The successful attack involved the compromise of an account belonging to Yuga Labs Community and community manager Boris Vagner. With access to Vagner’s account, those behind the attack posted phishing links in both the official BAYC and the Otherside Discord channels. Yuga Labs has officially acknowledged the breach, stating that an investigation is underway.

The phishing messages, pretending to be from Vagner, promised an exclusive giveaway with a message that only those holding BAYC, Mutant Ape Yacht Club and Otherside NFTs could participate. The holders were then sent to a phishing site that asked users to enter their login details. Once the login details were handed over, the attackers then stole Ether and NFTs held in the account’s linked wallet. Access to the Discord server was eventually returned to Yuga Labs but not before the damage was done.

Twitter user NFTherder was the first to reveal the hack to the public. According to a report by Bleeping Computer, those behind the attack stole an estimated 145 Ether, worth approximately $250,000 (roughly Rs. 2 crore), and 32 NFTs. The official Twitter account of BAYC states that the stolen NFTs were worth around 200 ETH (roughly $361,000 or Rs. 2.8 crore).

Despite what appears to be a lapse on Yuga Labs’ part, one of the founders of BAYC is of the opinion that Discord is to blame for the hack in this case.

This isn’t the first time a Yuga Labs account has been compromised either. In a nearly identical attack, hackers obtained access to the BAYC Instagram account in April and then sent out phishing messages with malicious links. NFTs valued at about $13.7 million (roughly Rs. 105 crore) were stolen.

In the Instagram case, Yuga Labs claimed two-factor authentication was enabled and the security practices surrounding the Instagram account were tight.

