Bored Ape Yacht Club Discord reportedly compromised in $250,000 NFT phishing attack

Less than two months after someone compromised the official Bored Ape Yacht Club Instagram account to steal $2.4 million worth of NFTs, BAYC creator Yuga Labs is again facing questions about its security measures. In the early hours of June 4th, a scammer carried out a phishing attack that netted them 32 NFTs worth approximately 142 Ethereum, according to Web3 is Going Great. After obtaining the login credentials of a community manager, the hacker reportedly used the official Bored Apes Discord to promote a fake giveaway exclusive to holders of Bored Ape, Mutant Ape and Otherside NFTs.

“Do not mint through ANY other websites,” the announcement said after linking to the website the hacker used to steal the NFTs. “This is the only official site!” According to data from blockchain security firm PeckShield, one BAYC and two Mutant Apes tokens were stolen in the scam. At the current Ethereum exchange rate, the entire 32 NFT trove is worth approximately $256,000.

We’ve reached out to Yuga Labs for comment. The company has yet to share an official statement on the incident – though it quickly locked down the Bored Apes Discord after the scam took place. The server, among a handful of other ones tied to high-profile NFT projects, was also hacked at the start of April when a bad actor compromised the CAPTCHA bot Yuga Labs used to deter spammers.