Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, they have stolen and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted a phishing attack, they set up a phishing site that impersonated the official BAYC site claiming that BAYC, MAYC and OthersideMeta holders were able to claim a free NFT for a short period of time.
The website was advertised through the official BAYC Discord for a Yuga Labs community manager that was previously hackerd.
“CertiK analysis reveals that this community manager,
account –@BorisVagner (“BorisVagner | SBS” on Discord)– posted a message to BAYC’s
Discord server with a phishing link that led to the fake site. This then granted the scam the
appearance of authenticity and made it easier to dupe the NFT holders.” reads the analysis published by blockchain cybersecurity firm CertiK.
Following the theft of NFTs, the attacker began to sell the collected assets at 08:25:42 AM UTC.
After selling off the stolen NFTs, threat actors moved the funds to the obfuscation platform
This attack marks the third time the BAYC social media servers have been hacked by attackers this year. The first hack of the BAYC discord server took place on April 1st. On April 25th, BAYC was hit the victim of another phishing attack, threat actors compromised its Instagram account and stole 91 NFTs, equivalent to $1,345,472.34
At this time it is unclear how the attackers have hacked the community manager’s account.
Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.
Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)
To nominate, please visit:
(SecurityAffairs – hacking, Zyxel)