According to OKHotshot’s investigation, the attack was carried out by hacking the Discord account of Boris Vagner, PR and social media manager for Yuga Labs.
Yuga Labs, creator of two of the most popular monkey-themed non-fungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed another orchestrated phishing attack that resulted in investors stealing more than 145 ether (ETH), or nearly 260 000 USD. dollars lost at the time of writing.
OKHotshot, a blockchain detective and member of the Twitter crypto community, has warned crypto investors about the compromise of two official NFT-related Discord groups BAYC and OtherSide.
According to OKHotshot’s investigation, the attack was carried out by hacking the Discord account of Boris Vagner, PR and social media manager for Yuga Labs.
Having gained full access to the employee’s account, the scammers sent various phishing links from Wagner’s Discord account to the official groups BAYC, Mutant Ape Yacht Club and Otherside.
Discord message from hackers with a phishing link. Source: OKHotshot
Many users in Discord groups, unaware of the ongoing scam, fell for phishing messages promising a limited number of freebies available to existing NFT holders, as shown in the screenshot above.
Concluding the investigation, OKHotshot exposed wallets used to store and transfer newly compromised NFTs, causing BAYC to be attacked for the second time in weeks.
Yuga Labs has not yet responded to Cointelegraph’s request for comment.
Related: NFT owners reminded to be vigilant after 29 Moonbirds were stolen by clicking on broken link
On May 25, a Proof Collective member lost 29 valuable Ethereum-based Moonbirds NFTs worth $1.5 million in an ongoing scam.
While the overall damage caused by this hack remains unclear, the recent crypto scams are a severe wake-up call for NFT holders to exercise caution when dealing with third-party platforms and verify everything others share, even if they appear to be trustworthy.
