Another day brings another NFT-related scam to the forefront of news tickers. While details are still scarce at the moment, the Discord channel of the Bored Ape Yacht Club (BAYC) has apparently been hacked, placing its native token, ApeCoin (APE), under watch, as the probability of ensuing carnage remains material.
BAYC & OtherSide discords got compromised
Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen
Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
To wit, it appears that the Discord account of BAYC Community Manager, Boris Vagner, was hacked. As a refresher, hackers often exploit the "Webhook" feature of Ethereum to carry out pilfering attacks. Basically, a Webhook is like a push notification that informs users of state changes resulting from eligible actions – mined transactions, dropped transactions, address activity, and gas prices. These Webhooks are used by many applications, including Discord, to listen for a notification sent to a particular URL and then trigger a response, such as posting content on the Discord channel.
BAYC AND OTHERSIDE DISCORD HACKED
DO NOT CLICK THE LINK pic.twitter.com/Z30yzDnEnl
— EthanDG (@0xEthanDG) June 4, 2022
Coming back, the hackers then apparently used Vagner's Discord account to send out messages of "free giveaways" that required users to connect their wallets to a phishing address. This allowed the hackers to siphon off the contents of the connected wallets.
It won't stop happening cuz of how Ethereum is designed. Their smart contract message-orientated system requires an approval signature before being able to do anything with assets. Scammers use this security flaw to trick folk into delegating control of their assets over to them.
— Inspector Crypto.xrd (@Inspectr_Crypto) May 23, 2022
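The approval mechanism referred to in the tweet above can be checked on the signer's side before anything is signed. The following is an added example, not code from this article or from any project it names: it decodes transaction calldata and flags calls that grant an operator control over tokens. The operator address, the sample calldata and the trusted_operators parameter are constructed for illustration.

```python
# Added example (not from the article): inspect calldata for approval grants.
# A selector is the first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",         # ERC-20 / ERC-721
}
ZERO_ADDRESS = "0x" + "00" * 20

def _word(data: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word following the 4-byte selector."""
    word = data[4 + 32 * index : 4 + 32 * (index + 1)]
    if len(word) != 32:
        raise ValueError("calldata is truncated")
    return word

def inspect_calldata(calldata_hex, trusted_operators=()):
    """Describe an approval-style call, or return None for any other call."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    signature = SELECTORS.get(data[:4].hex())
    if signature is None:
        return None
    first, second = _word(data, 0), _word(data, 1)
    if any(first[:12]):
        raise ValueError("address argument is not zero-padded")
    operator = "0x" + first[12:].hex()
    if signature.startswith("setApprovalForAll"):
        grants = int.from_bytes(second, "big") != 0  # bool flag: true = grant
        scope = "all tokens the signer holds in this contract"
    else:
        # Conservative: approve() to any non-zero address is treated as a grant.
        grants = operator != ZERO_ADDRESS
        scope = "one token id or an ERC-20 allowance"
    # trusted_operators is a hypothetical allowlist supplied by the caller.
    trusted = operator in {a.lower() for a in trusted_operators}
    risk = "high" if grants and not trusted else "low"
    return {"call": signature, "operator": operator, "scope": scope,
            "grants": grants, "risk": risk}

# Constructed sample: setApprovalForAll(0x1111...1111, true)
SAMPLE_OPERATOR = "0x" + "11" * 20
SAMPLE_GRANT = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 31 + "01"

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_GRANT))
```

A wallet front end or a signing proxy could run a check like this on the data field of every outgoing transaction and require explicit confirmation whenever the risk is high.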
As per preliminary reports, 32 NFTs have been stolen as a result of this attack, netting the hackers around $250,000. Meanwhile, ApeCoin appears to be holding up relatively well, trading at a flat level at the time of writing.
Of course, this is not the first time that BAYC's Discord channel has been hacked. Back in April, ApeCoin's price was pummeled following a hack that was carried out via a defective "mint" link, which claimed to allow users to mint virtual land in Otherside – BAYC's metaverse-focused game. That hack resulted in the theft of at least "4 Bored Apes, 6 Mutant Apes, and 3 BAKC, as well as assorted other NFTs," as per a statement by BAYC, with the stolen items carrying a floor price of at least $3 million.
For the uninitiated, ApeCoin powers the Bored Ape Yacht Club, a collection of 10,000 profile pictures minted as NFTs on the Ethereum blockchain. Developed by Yuga Labs, the BAYC is an exclusive NFT-focused organization, with the entry criterion based on the verifiable ownership of eligible NFTs. A Non-Fungible Token (NFT), in turn, is a blockchain-based deed of ownership of sorts for a digital item, thereby turning it into an asset that can be traded on dedicated platforms.