BAYC and OtherSide witness phishing attack; lose 145 ETH

Image: Shutterstock

Bored Ape Yacht Club (BAYC) and OtherSide, two of the most well-known non-fungible token (NFT) offerings by Yuga Labs, suffered a phishing attack in which investors lost 145 Ether (ETH) or $260,000.

The phishing attack was reported by OKHotshot, a blockchain detective and a member of the crypto Twitter community, via a Twitter post. The blog post alerted the people that BAYC and OtherSide had been compromised. The post read, “BAYC & OtherSide discords got compromised!! Seems because community member @BorisVagner got his account breached, which let scammers execute their phishing attack. Over 145E in was stolen. Proper permissions could prevent this.”

The phishing attack reportedly targeted the official Discord channels of BAYC and OtherSide. OKHotshot investigations revealed that the attack was conducted by hacking into Boris Vagner’s discord account. Boris Vagner is the community and social manager at Yuga Labs.

Once the attacker got unrestricted access to Vagner’s account, the scammers went ahead and shared several phishing links from his account into several Discord channels, including BAYC’s official channel, Mutant Ape Yacht Club (MAYC), and OtherSide groups.

Discord Message sent from Vagner’s account along with the Phishing link. (Source: OkHotshot)

The users unaware of such an ongoing attack fell for phishing messages. These messages promised limited-quantity giveaways for existing NFT holders “as a small token of appreciation”, along with the phishing link attached. The investigations also revealed that this attack was the second time BAYC fell prey to such an attack in the last few weeks. OkHotshot also revealed the wallets which held and transferred the recently compromised NFTs.