Gone Phishin’

Market Meditations | June 6, 2022

There was no rest for the wicked this weekend, as Yuga Labs, creator of the NFT series Bored Ape Yacht Club (BAYC) and OtherSide, saw another attack on its community. In a phishing attack carried out through a hacked Discord account, investors appear to have lost about 200 ETH worth of NFTs.

What Happened

  1. Community Manager Boris Vagner suffered a security compromise which resulted in his account being hijacked and used to post messages in official Yuga Labs project channels.
  2. The bad actor then used his account to post a Discord message advertising “ANOTHER exclusive giveaway” and instructed members to connect to a phishing site disguised as the official link to mint the NFTs.
  3. Once on the bogus site, users’ information was gathered and transactions were executed, resulting in the loss of participating members’ funds.

In a response on Twitter, Yuga Labs co-founder @GordonGoner said: “Discord isn’t working for web3 communities. We need a better platform that puts security first.” The statement implies that the Discord account breach was the fault of the messaging platform, not the security habits of users.

Regardless of the cause, reacquainting yourself with security best practices will never go out of style.