A hacker has stolen several Bored Ape Yacht Club and Doodles NFTs by posting fake minting links on Discord servers.
Содержание статьи:
Shutterstock cover by Black_Kira. Photo: Bored Ape Yacht Club/Yuga Labs
Key Takeaways
Several Discord servers, including that of the Bored Ape Yacht Club, have been compromised. Hackers appear to have exploited a recent Ticket Tool Discord bot update to post phishing links across multiple servers.
NFTs Lost Through Discord Hack
A Discord-related security breach has resulted in high-value NFTs being stolen.
The Discord servers of the Bored Ape Yacht Club, Doodles, and several other prominent NFT collections were compromised early Friday morning, leaving the NFT community reeling.
A message appeared in the Bored Ape server at 6:19 UTC informing users of a new “Mutant Ape Kennel Club” collection and posting a fake minting link. Unsuspecting users who clicked the link signed transactions that gave the hacker the right to transfer their NFTs from their wallets. Despite the unfortunate timing, this wasn’t an April Fools’ joke—the hacker had managed to find an exploit in a popular Discord bot to infiltrate servers and post links in restricted channels without the server admin’s permission.
The hacker’s fake Discord post. Source: @cubedmeta
The hacker also posted a similar message in the Doodles Discord server, informing users of a new “genesis mint” with a limited supply. Like the Bored Ape Discord post link used, those who clicked on it and tried to mint would have the NFTs in their wallet transferred out by the hacker.
The official Bored Ape Yacht Club Twitter account quickly informed followers of the attack. “A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc,” the post read.
NFT enthusiast and DAPE co-founder SerpentAU initially posted to Twitter that the compromised servers were due to the owner of the widely-used Discord Captcha Bot being hacked, citing “inside information” received from one of the hackers. However, they later confirmed that an exploit with a different Discord bot, Ticket Tool, allowed hackers to infiltrate servers. In response to SerpentAU’s post, the official Ticket Tool Twitter account stated that the update that caused the exploit had since been reverted.
According to the blockchain security firm PeckShield, at least one Bored Ape, one Mutant Ape, and two Doodles NFTs were stolen by the hacker. Transaction data shows that the hacker has since sold or transferred all four NFTs.
Today’s incident is not the first time collectors have lost NFTs and cryptocurrency due to compromised Discord servers. In February, members of the Doodles Discord server fell victim to phishing links when a server bot was hacked, resulting in several members losing their Doodles NFTs.
However, thefts of high-value non-fungibles have not been limited to Discord. Also, in February, a phishing email scam sent to OpenSea users resulted in over $3 million worth of NFTs being stolen from collections such as Bored Ape Yacht Club, Doodles, and Azuki.
As NFTs surge in value, their owners will likely continue to be targeted by scams. Those operating Discord servers will need to take extra precautions to protect their communities from further attacks.
Disclosure: At the time of writing this piece, the author owned ETH and several other cryptocurrencies.
Disclaimer
Read More
Read Less
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
Source: cryptobriefing.com
