Ethereum and NFTs stolen in hack of Yuga Labs Discord server

Hackers have stolen cryptocurrency and nonfungible tokens after compromising a Discord server run by Yuga Labs Inc., the creator of leading NFTs such as the Bored Ape Yacht Club.

The successful attack involved the compromise of an account belonging to Yuga Labs Community and Social Manager Boris Vagner. With access to Vagner’s account, those behind the attack posted phishing links in both the official BAYC and the Otherside Discord channels.

The phishing messages, pretending to be from Vagner, promised an exclusive giveaway with a message that only those holding BAYC, Mutant Ape Yacht Club and Otherside NFTs could participate. The holders were then sent to a phishing site that asked users to enter their login details. Once the login details were handed over, the attackers then stole all Ethereum and NFTs held in the account’s linked wallet. Access to the Discord server was eventually returned to Yuga Labs but not before the damage was done.

Bleeping Computer reported Saturday that those behind the attack stole an estimated 145 Ethereum worth approximately $250,000 and 32 NFTs. The official Twitter account of BAYC states that the stolen NFTs were worth around 200 ETH ($361,000). NFTs allow users to create and verify the ownership of virtual items by recording their sales and trades on blockchains.

Despite what appears to be a lapse in staff security, the Discord wasn’t randomly compromised. Gordon Goner, one of the founders of BAYC, blamed Discord for the compromise.

This isn’t the first time a Yuga Labs account has been compromised. In a nearly identical attack, hackers obtained access to the BAYC Instagram account in April and then sent out phishing messages with malicious links. NFTs valued at about $3 million was stolen.

In the Instagram case, Yuga Labs claimed two-factor authentication was enabled and the security practices surrounding the Instagram account were tight. The question is still raised: How did hackers get access to first the Instagram account and then Discord servers?

Security does not seem to be at the forefront of the company’s practices, but it’s not as if it can’t afford it. Yuga Labs last raised $450 million in funding on a $4 billion valuation in March.

Image: Pixabay

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.