Web2 applications such as Discord have again been shown to be the weak link in the arsenal of blockchain projects. Over 175 ETH has been drained from investors’ accounts after the Bored Ape Yacht club Discord server was breached. @BorisVagner, who was only promoted to Social Media for Yuga Labs in January 2022, had his Discord account breached. The attacker was then able to post phishing links via BorisVagner’s official account on the Yuga Labs Discord server.
The link has been redacted to protect readers from visiting the phishing site. BAYC finally released a statement 9 hours after it was first reported stating,
“Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at [email protected]”
The statement reported that the team “addressed it quickly” and confirmed the total value lost by members as 200 ETH. At today’s value that is $354k gone in almost no time at all. The lack of urgency in reporting the matter to its community and the brevity of the announcement suggests an element of complacency by Yuga Labs.
Community Manager account compromised.
According to Peckshield, “32 NFTs were stolen, including 1 #BAYC, 2 #MAYC, 5 #Otherdeed, 1 #BAKC” The breach was reported initially by OKHotshot, who tweeted,…
