- The official BAYC Discord server was hacked earlier today.
- Reports reveal that one MAYC has been stolen.
- A similar exploit has been uncovered on several other NFT Discord channels.
According to information from BAYC’s verified Twitter handle, the community’s Discord channel was briefly compromised. Currently, only one MAYC has been stolen.
Details Of The Exploit
Earlier today, hackers managed to compromise a ticketing tool on BAYC’s Discord channel responsible for user verification and notifications. With this access, the fraudsters sent messages requesting users to stake their NFTs for rewards in Yuga Labs’ native token, ApeCoin.
@zachxbt, an on-chain investigator, first reported the hack on Twitter, revealing that one MAYC had been stolen. Minutes later, the hack was confirmed by BAYC using their official Twitter handle; the tweet read, “STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.”
A Discord security and coding expert who goes by the pseudonym Serpent has since stepped in to help BAYC regain control of their server. A couple of hours after the hack confirmation, Serpent shared code to help developers get rid of the bug inserted by the hackers.
As it turns out, BAYC’s Discord channel was not the only one targeted by the hackers. @zachxbt confirmed that the same exploit was in play on numerous other NFT channels, including the Doodles, Shamanz, and Nyoki servers. On examining the phishing websites, @zachxbt disclosed that they were very similar and most likely the work of a single group.
Updates from @zachxbt’s thread reveal that web hosting service Namecheap has suspended the identified websites. The address used by hackers has also been identified and flagged on Etherscan. BAYC is yet to confirm if the threat has been neutralized.
Discord hacks have become very common in the NFT space; because the platform supports many NFT communities, it is often targeted. Magus Devon, a crypto community lead, expressed frustration at the many security inadequacies of Discord in a tweet in response to today’s happenings. Devon’s tweet read:
“Really hate discord’s terrible security and the lack of tools provided to server admins for management. It feels weird that we have to constantly rely on all these third party bots just to get some basic level of protection for our users.”
In December, a Discord hack saw hackers use a phishing trick to make off with 7000 Solana, worth about $1.3 million at the time. The hackers breached the Discord server of Monkey Kingdom, an NFT collection launched by Hong Kong entrepreneurs. NFT holders should remember that projects will not send them direct messages, and should be wary of clicking links sent to them.