Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack, with investors losing over 145 Ether (ETH) or nearly $260,000 at the time of writing.
OKHotshot, a blockchain detective and a member of the Crypto Twitter community, alerted crypto investors about the compromise of two official Discord groups linked to BAYC and OtherSide NFTs.
According to OKHotshot’s investigations, the attack was conducted by hacking into the Discord account of Boris Vagner, community and social manager at Yuga Labs.
After gaining unrestricted access to the employee’s account, scammers shared various phishing links from Vagner’s Discord account into the official BAYC, Mutant Ape Yacht Club and Otherside groups.
Many users in the Discord groups, unwary about the ongoing scam, fell for the phishing messages that promised limited-quantity giveaways made available for existing NFT holders — as evidenced by the above screenshot.
Concluding the investigation, OKHotshot revealed the wallets that held and transferred the recently compromised NFTs, making it the second time BAYC fell victim to an attack in as many weeks.
Yuga Labs has not yet responded to Cointelegraph’s request for comment.
On May 25, a Proof Collective member lost 29 high-valued Ethereum-based Moonbirds NFTs worth $1.5 million amid an ongoing scam.
While the total damage around this hack remains unclear, the recent crypto scams are a harsh wake-up call for NFT owners to exercise caution when dealing with third-party platforms and to double-check anything shared by others, even if they appear trustworthy.