A server linked to the crypto company Yuga Labs, which produces the popular Bored Ape Yacht Club NFT series, was hacked on Saturday in a phishing attack that resulted in the theft of $360,000 (200 ETH) worth of NFTs.
Yuga Labs confirmed news of the scam targeting the company’s Discord server in a tweet, saying it is still actively investigating the incident.
News of the phishing attack came several hours after Twitter user NFTherder reported around 145 ETH (around $260,000) in NFTs stolen, tracing the missing funds to four separate cryptocurrency wallets.
The Discord account of a BAYC staffer and project community manager, Boris Vagner, was hacked and subsequently used to post phishing links in official channels associated with BAYC and its affiliate metaverse project, Otherside. Vagner’s account had been impersonated in a message to BAYC users, promising recipients an exclusive giveaway with a phishing link embedded in the body of the email.
“As a reminder, we do not offer surprise mints or giveaways,” the official Twitter account for BAYC tweeted in response to the news, providing an email address for impacted users to report theft from the incident. It is unclear how users whose assets were targeted will be compensated.
Yuga Labs accounts have been hacked three times in recent months. In April, an unknown attacker executed a similar scheme, posting a fraudulent link to a hacked BAYC Instagram account that led to a duplicated version of the platform’s website, allowing the hacker to gain access to the users Ethereum wallets. Earlier that month, Mutant Ape Yacht Club #8662 was stolen through a phishing link posted in the project’s Discord.
According to a Federal Trade Commission report on Consumer Protection Data, online users have lost $1 billion in crypto to various scams since the beginning of 2021. The most common type of fraud was associated with investment schemes, accounting for $575 million of that $1 billion figure.