Eleven hours after security researchers exposed the vulnerability on Twitter, Yuga Labs, the company behind the Bored Ape NFTs, finally confirmed that its Discord server was hacked on Saturday, resulting in the theft of NFTs worth 200 ETH (about US $360,000). CoinDesk pointed out that the incident originated from the theft of the Discord account of Boris Vagner, the community manager. The attacker then used the account to publish phishing links in the official BAYC and metaverse project channels.
Twitter user @nftherder was the first to expose the incident. He also estimated that 145 ETH (about $260,000) was stolen along with the NFTs. Subsequent investigation showed that the stolen funds were transferred to four separate wallet addresses.
Yuga Labs officials later confirmed the existence of the vulnerability in a tweet, saying that they were actively investigating the attack, although this came 11 hours after @nftherder's tweets.
The attacker posted a phishing message on the Discord channel of Spoiled Banana Society (SBS), an NFT fantasy football club co-founded by Boris Vagner and Richard Vagner, but the message and link were removed after the incident.
At 09:00 UTC, Richard Vagner announced that his account had been hacked an hour earlier, and hoped that no one had clicked the phishing link.
Fortunately, after regaining control of Boris' account, they found that the hackers, having taken their haul, had not deleted the entire Discord server.
Although Richard has asked everyone to come forward, it is not clear how many SBS channel members were affected by this phishing attack.
Over the next few days, they will also try to recover all the tags that were messed up and carry out an in-depth analysis of whether there are other potential problems.
The Vagners reportedly also operate a record company called Metaverse Records. In the same SBS Discord message, Richard confirmed that the BAYC and other Discord servers were also "hacked" and hoped that everyone would take it as a warning.
In fact, this is the third time we have heard of such an incident recently. As early as April 1, Mutant Ape Yacht Club #8662 was stolen because of a phishing link published in the Discord channel.
On April 25, the Instagram / Discord accounts of BAYC were used by hackers to post fake links to Otherside coins. Then last week, actor Seth Green also became a victim.
In response to Saturday's attack, a founding member of BAYC said that Discord must bear the blame for its security vulnerability.
Gordon Goner wrote in his tweet: "Discord is not applicable to the Web3 community. We need a better platform that puts security first."
Even so, @stevefink pushed back in his tweet: you won't lose NFTs because you use Discord. The truth is that you clicked on the malicious trading link with your own hand. In the absence of security awareness, changing the client cannot prevent you from repeating the mistake.