The attackers compromised a BAYC employee’s login credentials to access the server and post phishing links. This incident adds to a growing list of high-profile cyberattacks against NFT holders and marketplaces in 2022.
Details of the Phishing Attack on BAYC’s Discord Server
The attackers hacked into BAYC’s Discord server on Saturday, June 4. According to blockchain analyst NFTherder, the hackers compromised the account of the project’s community manager, Boris Vagner. Next, they posted malicious phishing links disguised as an “exclusive giveaway” from Vagner’s account to both the BAYC and Otherside’s (BAYC’s metaverse project) Discord channels. In the message, “Vagner” added that the giveaway was exclusive to BAYC, MAYC, and Otherside token holders. Approximately 11 hours after NFTherder’s Tweet, BAYC confirmed the attack. The hackers managed to steal 200 ETH (approximately $360,000) worth of NFTs. “Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at discord@yugalabs.io,” BAYC’s tweet read.
NFT Fantasy Football Society Possibly Affected
Boris Vagner is the brother of Grammy Award-winning artist Richard Vagner. Together the brothers co-found Spoiled Banana Society (SBS), an NFT fantasy football society for BAYC members. Apparently, the attacker posted a phishing message in the SBS Discord channel as well. However, Richard Vagner stated that the message was quickly deleted. “Hey @everyone we were hacked an hour ago hopefully no one clicked any links,” Richard Vagner stated in a Discord message. “We’ve got back control of the discord and Boris’s account thank god he didn’t delete the whole server.” At this time, it is unclear if any SBS members were victims of the phishing attack. Richard Vagner said that they would continue to monitor the situation, and requested members to share any information they may have. “We’ll be getting all the tabs back up in the following days & let us know if there’s anything else he messed with,” Vagner said.
Alarming Rise in NFT Phishing Attacks
Cybercriminals have carried out high-profile cryptocurrency scams and attacks on crypto exchanges in recent years, but a new type of attack seems to be plaguing the space. Over the last few months, targeting NFT holders and marketplaces has been very lucrative for cybercriminals. Furthermore, a growing trend that has appeared is the targeting of social media accounts with phishing attacks. In April, hackers carried out an attack against BAYC members on Instagram, stealing $13.7 million worth of tokens. They gained access to the official BAYC account and sent messages about new NFT mints, which were in fact phishing links. Last month, cybercriminals used a compromised Discord bot to drop phishing links on several NFTs channels. A few days later, attackers hacked into infamous NFT artist Beeple’s Twitter account. They used this access to send out two phishing links, scamming Beeple’s followers to the combined tune of $430,000. In February, NFT marketplace OpenSea was the target of a cyberattack, where the hackers made their way with 254 tokens worth $1.7 million. With the number of scams on the rise, it is important to be on the lookout. Check out our detailed guide on how to avoid NFT scams.
