BAYC and OtherSide witness phishing attack; lose 145 ETH
Discord groups of Yuga Labs' BAYC and OtherSide were hit by a phishing attack, causing investors to lose 145 Ether
By Shashank Bhardwaj
Bored Ape Yacht Club (BAYC) and OtherSide, two of the most well-known non-fungible token (NFT) offerings by Yuga Labs, suffered a phishing attack in which investors lost 145 Ether (ETH) or $260,000.
The phishing attack was reported by OKHotshot, a blockchain detective and a member of the crypto Twitter community, via a Twitter post. The blog post alerted the people that BAYC and OtherSide had been compromised. The post read, “BAYC & OtherSide discords got compromised!! Seems because community member @BorisVagner got his account breached, which let scammers execute their phishing attack. Over 145E in was stolen. Proper permissions could prevent this.”
The phishing attack reportedly targeted the official Discord channels of BAYC and OtherSide. OKHotshot investigations revealed that the attack was conducted by hacking into Boris Vagner’s discord account. Boris Vagner is the community and social manager at Yuga Labs.
Once the attacker got unrestricted access to Vagner’s account, the scammers went ahead and shared several phishing links from his account into several Discord channels, including BAYC’s official channel, Mutant Ape Yacht Club (MAYC), and OtherSide groups.
Discord Message sent from Vagner’s account along with the Phishing link. (Source: OkHotshot)
The users unaware of such an ongoing attack fell for phishing messages. These messages promised limited-quantity giveaways for existing NFT holders “as a small token of appreciation”, along with the phishing link attached. The investigations also revealed that this attack was the second time BAYC fell prey to such an attack in the last few weeks. OkHotshot also revealed the wallets which held and transferred the recently compromised NFTs.
Previously, on May 25, another attack caused a Proof Collective member to lose 29 high-valued ETH-based Moonbirds NFTs, costing the member $1.5 million.
Yuga Labs is yet to make any official statement on the attack. The total loss from the attack is yet to be made clear. However, the increase in the frequency of such attacks in recent months is a warning sign for NFT owners to be careful while dealing with third-party platforms. Even if the link appears trustworthy or comes from a known source, it is always advisable to double-check everything before making a move.
The writer is the founder at yMedia. He ventured into crypto in 2013 and is an ETH maximalist. Twitter: @bhardwajshash
Crypto wallet users are warned as scammers might get active during the potential Ethereum hard fork