Boris Vagner Discord Account Hacked, Phishing Attack Hits A Number Of NFT Owners, Losses Up To IDR 3.7 Billion
JAKARTA - Yuga Labs, creator of two of the most popular ape-themed nonfungible token (NFT) offerings, Bored Ape Yacht Club (BAYC) and OtherSide, suffered another phishing attack that had cost investors more than 145 Ether (ETH), or nearly US$260,000 (IDR 3.7 billion), as of Sunday, 5 June.
OKHotshot, a blockchain detective and member of the crypto community on Twitter, warned crypto investors about the compromise of two official Discord groups linked to the BAYC and OtherSide NFTs.
BAYC & OtherSide discords got compromised‼️Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W
— OKHotshot (@NFTherder) June 4, 2022
According to OKHotshot's investigation, the attack was carried out by hacking into the Discord account of Boris Vagner, Yuga Labs' community and social manager.
After gaining unrestricted access to the employee's account, the scammers shared various phishing links from Vagner's Discord account to the official BAYC, Mutant Ape Yacht Club (MAYC), and Otherside groups.
Many users in the Discord group, who were not aware of the ongoing scam, fell victim to a phishing message promising a limited number of rewards available to existing NFT holders.
Concluding the investigation, OKHotshot revealed the wallet that stored and transferred the recently compromised NFTs, making BAYC the second victim of an attack in two weeks. Yuga Labs itself has not responded to Cointelegraph's request for comment on this report.
Earlier, on May 25, a member of the Proof Collective lost 29 high-value Ethereum-based Moonbirds NFTs worth US$1.5 million (Rp21.6 billion) amid an ongoing fraud attempt.
While the total damage this hack will cause remains unclear, the recent crypto scams are a stark warning to NFT owners to exercise caution when dealing with third-party platforms. Crypto owners should double-check anything shared by others, even if the source appears trustworthy.