The Bored Ape Yacht Club (BAYC) project team has reported that their Discord account has been hacked. During the phishing attack, the hackers stole at least four collectible tokens.
According to analytics firm PeckShield, unknown individuals hacked into the BAYC team’s account and posted a malicious link there to lure users to a fake site to create NFTs. The scammers managed to steal one valuable Mutant ApeYacht Club (MAYC) #8662 NFT, valued at over $70,000, one BAYC #3738, and two NFTs from the Doodles collection belonging to singer Jay Chou. The BAYC team confirmed the information on Twitter, stating that this is not an April Fools’ Day prank.
A Discord security specialist alias Serpent suggested that a captcha bot had been compromised, and this could be one of the reasons for the loss of NFT. According to the information given to him, the owner of the Captcha Bot (ImDarkDiamond) suffered a hack and the source code was stolen. Therefore, users are advised to disable this bot and remove it from their servers, as well as use another bot to pass verification in order to keep crypto assets safe.
After the information about the hack appeared, the price of APE tokens fell to $12.23. Doodles, Nyoki, and Squiggles’ Discord accounts were reportedly hacked in a similar fashion.
This is not the first time the Discord platform has been used for phishing attacks. Last year, Kaspersky Lab warned that attackers often lure users through Discord channels to fake sites of large exchanges or well-known projects, promising them the distribution of bitcoins and ethers. Recently, user Larry Lawliet lost several tokens from the Bored Ape, Mutant Apes and Doodle collections worth $2.7 million.
