Bored Ape Yacht Club Discord reportedly compromised in $357,000 NFT phishing attack

Less than two months after someone compromised the official Bored Ape Yacht Club Instagram account to steal $2.4 million worth of NFTs, BAYC creator Yuga Labs is again facing questions about its security measures. In the early hours of June 4th, a scammer carried out a phishing attack that netted them 200 Ethereum worth of NFTs, according to Web3 is Going Great. After obtaining the login credentials of a community manager, the hacker reportedly used the official Bored Apes Discord to promote a fake giveaway exclusive to holders of Bored Ape, Mutant Ape and Otherside NFTs.

“Do not mint through ANY other websites,” the announcement said after linking to the website the hacker used to steal the NFTs. “This is the only official site!” According to data from blockchain security firm PeckShield, one BAYC and two Mutant Apes tokens were stolen in the scam. At the current Ethereum exchange rate, the entire trove is worth more than $357,000.

“Our Discord servers were briefly exploited today,” said Yuga Labs. “The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted.” The company said it was still investigating the incident. The BAYC Discord, among a handful of other servers tied to high-profile NFT projects, was also hacked at the start of April when a bad actor compromised the CAPTCHA bot Yuga Labs used to deter spammers.

Update 8:46PM ET: Added comment from Yuga Labs and updated theft estimate. 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.