Report: Bored Ape Yacht Club Discord Attacker May Have Been Involved in Previous NFT Phishing Scams

Must read

The ‘Brussels Effect’ wields real influence over US crypto regulation

The right to privacy is enshrined in many legal traditions around the world. In the United States, it’s protected by the Fourth Amendment; in...

Lack of ‘qualified people’ without more Web3 education, say academics

Australian blockchain academics and educators have called for more robust Web3 education in schools, preparing students for a world that will be dominated by...

Warner Music Group partners with OpenSea to create more Web3 opportunities for artists

The company stated that select artists can launch their NFT collections and limited-edition projects on their own dedicated drop pages. 1174 ...

Market manipulation claims will be hardest ‘nut to crack’ in Bitcoin ETF approval — WisdomTree

“We’re all kind of watching this and seeing what’s going to happen,” said WisdomTree's Will Peck on spot Bitcoin exchange-traded funds in the...

Report: Bored Ape Yacht Club Discord Attacker May Have Been Involved in Previous NFT Phishing Scams

On June 4, 2022, the Bored Ape Yacht Club (BAYC) Discord server was compromised and a phishing scam targeted non-fungible token (NFT) collectors holding BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFTs. According to an analysis by the Web3 and blockchain auditing and security firm Certik, the BAYC Discord server attacker may have been involved in previous phishing attacks.

Blockchain Security Firm Certik Analyzes the BAYC Discord Phishing Attack

While many NFTs are very expensive, it makes them all the more worthwhile for malicious attackers to steal them. This week the Bored Ape Yacht Club (BAYC) Discord server was breached and an attacker used a phishing scam to lure victims.

Certik, the Web3 and blockchain auditing and security firm, published an analysis of the attack and from the company’s account, the attacker may have been involved with previous phishing attempts. The attack occurred on Saturday and a total of 32 NFTs valued at roughly $360K were stolen from blue-chip NFT holders.

Report: Bored Ape Yacht Club Discord Attacker May Have Been Involved in Previous NFT Phishing Scams
“Our Discord servers were briefly exploited today,” the BAYC creators Yuga Labs wrote after the incident. “The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at discord@yugalabs.io. As a reminder, we do not offer surprise mints or giveaways.”

The NFTs stolen stemmed from the Bored Ape Yacht Club (BAYC), the Bored Ape Kennel Club (BAKC), Mutant Ape Yacht Club (MAYC), and NFTs from the Otherdeed collection. Certik’s report says the phishing site was a “carbon copy of the official projects website, yet with subtle differences.”

There were no social media links on the site and there was a tab added titled “claim free land.” After some victims were hooked by the phony phishing ad, the attacker received a number of NFTs and then proceeded to sell them.

The attackers managed to acquire 142 ether and Certik notes that it is likely 100 ETH was sent to the mixing application Tornado Cash. Certik summarizes why the researchers believe some evidence shows that a fraction of ether the hacker acquired was sent to Tornado Cash and possibly sent to one address.

“Whilst it’s impossible to be certain that the 99.5 ETH redeemed by 0x2917… are the funds associated with today’s attack, it is certainly probable that these are the stolen funds post mixer due to the 20.5 ETH being sent to the depositor address,” Certik’s report notes.

The Certik researcher’s analysis adds:

The majority of the funds were sent to [Externally Owned Account (EOA)] 0x5bC1…, which is where they remain at the time of writing.

The blockchain security firm says that links indicate that 0x5bC1 is likely “not only associated with the BAYC phishing attack today, but also previous phishing attacks.” The company mentioned the fact that BAYC was targeted on April 25, 2022, when an attacker compromised the NFT collection’s Instagram account.

At that time, the hacker got away with 888 ether worth of non-fungible tokens by posting a scam link to a fake airdrop. “Users were prompted to sign a ‘safeTransferFrom’ transaction,” Certik’s report concludes. Prior to the Instagram exploit at the end of April, on the first day of April, Mutant Ape Yacht Club #8,662 was stolen via a phishing scam posted to the Discord channel. The celebrity Seth Green recently fell victim to a phishing attack and lost his Bored Ape to the scam. Bored Ape #8,398 called “Fred” was supposed to play a role in Green’s new series called “White Horse Tavern.”

What do you think about the recent BAYC phishing scam? Let us know what you think about this subject in the comments section below.

Jamie Redman

Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.

Image Credits: Shutterstock, Pixabay, Wiki Commons, Otherside trailer,

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

More articles

Latest article

The ‘Brussels Effect’ wields real influence over US crypto regulation

The right to privacy is enshrined in many legal traditions around the world. In the United States, it’s protected by the Fourth Amendment; in...

Lack of ‘qualified people’ without more Web3 education, say academics

Australian blockchain academics and educators have called for more robust Web3 education in schools, preparing students for a world that will be dominated by...

Warner Music Group partners with OpenSea to create more Web3 opportunities for artists

The company stated that select artists can launch their NFT collections and limited-edition projects on their own dedicated drop pages. 1174 ...

Market manipulation claims will be hardest ‘nut to crack’ in Bitcoin ETF approval — WisdomTree

“We’re all kind of watching this and seeing what’s going to happen,” said WisdomTree's Will Peck on spot Bitcoin exchange-traded funds in the...

Judge orders SEC to turn Hinman documents over to Ripple Labs after months of dispute

U.S. District Court Judge Analisa Torres overruled the SEC’s second attempt to withhold the documents relating to former Division Director William Hinman, who...