Hacker Steals Mutant Ape NFT Via Bored Ape Yacht Club’s Discord Server

Quick take:

• The hacker posted a phishing link disguised as a “stealth NFT mint”.
• One user who clicked the link had his Mutant Ape #8662 stolen.
• BAYC said that it is not doing any April Fools “stealth mints” and warns users against minting anything from Discord.

Bored Ape Yacht Club (BAYC) confirmed in a tweet today that its Discord server was “briefly compromised” yesterday. 

As reported by The Block, a hacker managed to gain access to the official Discord that hosts members of the Bored Ape Yacht Club, Mutant Ape Yacht Club (MAYC) and Mutant Ape Kennel Club (MAKC) community. 

According to Web3 security firm Peckshield, the hacker then posted a phishing link disguised as a “stealth NFT mint” in the MAKC channel, which was then used to steal Mutant Ape #8662.

BAYC said it caught the compromise immediately and that it is not doing any April Fools “stealth mints”. It also cautioned users against minting anything from Discord as other servers are also under attack. 

Other NFT-related Discord servers that were hacked include Shamanz and Doodles. NFT influencer “farokh.eth” alerted the Twitter NFT community about the Doodles Discord hack. However, neither Doodles nor Shamanz has made a statement about it.

Discord security and NFT influencer “Serpent_AU” confirmed that the exploits in Doodles and Shamanz Discord servers were carried out through Ticket Tool, a Discord bot that generates support tickets. 

Peckshield also tweeted that popular Taiwanese pop artiste Jay Chou, who founded the Phantabear NFT project, had his NFTs stolen via a phishing scam a few hours before BAYC’s Discord hack. The stolen NFTs include BAYC, MAYC, and two Doodles. 

Over the last few months, Discord hacking has become the latest threat to the NFT community as hackers exploit security flaws on the servers to launch phishing attacks on NFT collectors. 

In January, hackers took over an administrator account on Monkey Kingdom’s Discord channel to post a phishing link, resulting in a loss of $1.3 million worth of crypto funds. Shortly after Monkey Kingdom’s hack, Fractals also confirmed that the announcements bot on its Discord was hacked as scammers got away with $150,000 worth of cryptocurrency.

Last week, The Block reported that collectors of a newly launched NFT project, RareBears, fell victim to a phishing scam as an unknown hacker gained unauthorised access to the Discord server and posed as an official moderator to announce a fraudulent new NFT mint. Members of the RareBears community ended up losing $750,000 worth of NFTs and other cryptocurrencies.