Cyberattacks involving non-fungible tokens (NFTs) are on the rise. Since early 2022, a succession of hacks have been recorded, the most recent being the case of Bored Ape Yacht Club (BAYC).
BAYC Discord Server Under Cyber Attack
The fraudster had exploited the platform’s vulnerabilities and got access to Bored Ape Yacht Club (BAYC), Mutant Ape Yacht Club (MAYC), and Mutant Ape Kennel Club (MAKC).
These 3 collections are under Yuga Labs’ management. The conduct was initially identified as a phishing attack.
Shortly after discovering the incident, the BAYC team issued a warning on Twitter, advising users not to engage in any transactional activities on Discord and adding that other Discord boards were also under cyber attack.
To wit,
“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints/airdrops etc. Other Discords are also being attacked right now.”
PeckShield provided additional information about the case. According to the blockchain security and data analytics firm, after gaining access to the Discord channel, the hacker posted a fraudulent link in Mutant Ape Kennel Club and stole the Mutant Art Yacht Club #8662.
It’s apparently a phony phishing link intended to steal money from users’ wallets.
The NFT belonged to the well-known Taiwanese artist Jay Chou, as the community swiftly discovered.
Jay Chou verified the fraud in an Instagram post. Unfortunately, the celebrity stated that other NFTs in his possession, including BAYC # 3738 and two Doodles NFTs, had been stolen.
It’s not looking like a good week for Jay Chou.
Hackers, Hackers Everywhere
A similar tactic was recently used to target the freshly launched NFT project Rare Bears.
The hacker took over the project’s Discord channel, provided a phishing scam link, and stole $800,000 in NFTs early on.
According to Peckshield’s investigation, the attacker allegedly took 179 NFTs, including Rare Bears and other NFTs from other collections, including CloneX, Azuk, and 6 LAND tokens used for The Sandbox’s Metaverse, among others.
According to on-chain research, the hacker sold the majority of the NFTs, earning him 286 ETH, which is worth more than $795,500.
The majority of it is routed through the Tornado Cash crypto mixer to conceal the source of funds.
On March 29, Ronin Network, Sky Mavis’ blockchain network designed for the game Axie Infinity, verified a hacker attack and made two money transactions.
The entire amount stolen was 173,600 ETH and 25.5 million USDC, which amounted to $615 million.
The attack is recognized as the largest in DeFi history, and it elicited conflicting comments within Axie Infinity gaming communities.
However, Sky Mavis, the developer of the game Axie Infinity, has announced that the team will reimburse players affected by the attack, which cost Ronin’s network $615 million.
Some of the stolen funds were transferred to centralized exchanges such as Huobi and FTX by hackers.
When dealing with substantial sums of money, all of these exchanges require KYC, allowing the attacker’s identity to be verified.
Digital asset exchange and projects are settings where investors can purchase, sell, trade, and store digital assets.
A growing number of trustworthy exchanges are cropping up, contributing to the growth of the blockchain industry.
On the other hand, many criminal actors are beginning to consider exchanges as attractive targets.
Attacks on digital asset exchanges and projects not only harm investors’ assets but also negatively affect the firms’ reputations.
A similar wave of phishing attempts has hit Discord in recent months, implying that teams should pay closer attention to the security of admin accounts.