Bored Ape Yacht Club Discord server breached causing 200 ETH, 32 NFTs in losses

2022-6-5 02:53

Web2 applications such as Discord have again been shown to be the weak link in the arsenal of blockchain projects. Over 175 ETH has been drained from investors’ accounts after the Bored Ape Yacht Club Discord server was breached. @BorisVagner, who was only promoted to Social Media for Yuga Labs in January 2022, had his Discord account breached. The attacker was then able to post phishing links via BorisVagner’s official account on the Yuga Labs Discord server.

Source: Twitter

The link has been redacted to protect readers from visiting the phishing site. BAYC finally released a statement 9 hours after it was first reported stating,

“Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at [email protected].”

The statement reported that the team “addressed it quickly” and confirmed the total value lost by members as 200 ETH. At today’s value that is $354k gone in almost no time at all. The lack of urgency in reporting the matter to its community and the brevity of the announcement suggest an element of complacency by Yuga Labs.

Community Manager account compromised.

According to Peckshield, “32 NFTs were stolen, including 1 #BAYC, 2 #MAYC, 5 #Otherdeed, 1 #BAKC.” The breach was reported initially by OKHotshot, who tweeted, “@BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen.” OKHotshot told us exclusively that it is around $354k.

“Proper security practises should be upheld for any project doing millions in revenue. Especially if the project is in the top 10 of the market. Not having a security manager increases that risk significantly.”

OKHotshot believes a security manager could have prevented this as “they would handle discord security practices, team policy, and make sure they are upheld. No team member should have their direct messages open, be clicking on links or using their main accounts on other servers just to give a few examples.” Yuga Labs have several job roles available, but no security roles are live.

Community reaction

The crypto community was also vocal about the issue through a thread posted by Reddit user u/naji102. Users discussed the drop in trust for NFTs due to the increase in scams that even come from official sources. u/XnoonefromnowhereX commented, “The message had grammatical errors that should have been a red flag,” while u/CrimsonFox99 empathetically stated, “Hard to blame them on that part, especially coming from a supposed trusted source.”

A Twitter user reached out to OpenSea and LooksRare pleading, “I just clicked a fake goblin claim. 2 MAYC and 8 cool cats were stolen. … please help. They stole everything from me.” Calls came from other users supporting the initiative to freeze the thief’s accounts. It seems that often decentralization is only supported until investors need centralized support.

BAYC Discord compromised before

This is not the first time the Discord server has been compromised. The server was hacked in April 2022, with MAYC #8662 being stolen. The story continued as it later became known that Taiwanese pop superstar Jay Chou was the owner of the stolen NFT worth $550k. A Discord profile was compromised on both occasions, allowing the attacker to post phishing links onto official channels.

Protecting web2 infrastructure tied to web3

There are solutions being released to attempt to combat the problem of scam websites. Most major antivirus tools use libraries of blacklisted sites to aid users in browsing the internet. However, the speed and frequency of scams mean that these tools may not always be completely up to date. A Chrome extension called Wallet Guard attempts to solve this problem in the web3 space.

Wallet Guard told CryptoSlate:

“Not everyone has a technical background nor has been around the space too long… our extension never touches your wallet it only needs to know the domain you’re attempting to visit.”

The tool flagged the URL of the phishing site posted to BorisVagner’s Discord account and could have aided investors in deciding if they should trust the link.

However, even tools such as this are not invulnerable. A sophisticated scammer could theoretically get into an official Discord server while also attacking a site like Wallet Guard to make it appear to be a legit site. Still, no tool is expected to be 100% invulnerable to all attacks. Any way investors can reduce the chance of them falling victim to fraud should be encouraged.

Still, each time a phishing scam attacks a blockchain project, it comes through a web2 connection to the blockchain project. Adding web3 functionality to web2 technology such as Discord could dramatically increase its security.

CryptoSlate reached out to BorisVagner for comment but did not receive a response.

The post Bored Ape Yacht Club Discord server breached causing 200 ETH, 32 NFTs in losses appeared first on CryptoSlate.
