Yuga Labs Confirms Discord Server Hack; 200 ETH Worth of NFTs Stolen

The company behind the Bored Apes NFTs made the disclosure 11 hours after word of the exploit surfaced on Twitter.

AccessTimeIconJun 4, 2022 at 9:11 p.m. UTC
Updated May 9, 2023 at 3:47 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The Bored Ape Yacht Club (BAYC) Discord server was hacked Saturday, with the attacker making off with 200 ETH ($360,000) worth of non-fungible tokens (NFT), according to Yuga Labs.

The hack took place after the project’s community manager, Boris Vagner, had his Discord account compromised, which the attacker then used to post phishing links in both the official BAYC and its related metaverse project called Otherside’s Discord channels.

News of the hack was first reported by Twitter user NFTherder, who also estimates 145 ETH (around $260,000) was stolen along with the NFTs, tracing the stolen funds back to four separate wallets.

Yuga Labs later confirmed the exploit occurred in a tweet of its own, saying it is still actively investigating the incident. It did so 11 hours after NFTHerder's tweet.

Vagner ​​is also the manager of his brother, the Grammy-winning multi-instrumentalist Richard Vagner, who co-founded an NFT fantasy football club called Spoiled Banana Society (SPS) with Boris. The attacker posted a phishing link in the SPS Discord channel, though the message was subsequently deleted, Richard said.

"Hey @everyone we were hacked an hour ago hopefully no one clicked any links,” Richard Vagner said in a Discord message at 09:00 UTC. “We’ve got back control of the discord and Boris’s account thank god he didn’t delete the whole server.”

It is unclear if anyone in the SBS channel was affected, though Richard has requested information from the Discord members related to the attack.

“We’ll be getting all the tabs back up in the following days & let us know if there’s anything else he messed with,” he said.

The Vagners also run a record label called Metaverse Records. In the same SBS Discord message, Richard independently confirmed that the BAYC and Otherside Discords were also “hacked.”

“Pls stay safe,” he wrote.

This is the third time a bad actor has been able to impersonate a Yuga Labs-run account to steal users’ funds. The first was April 1 when Mutant Ape Yacht Club #8662 was stolen through a phishing link posted in the project’s Discord, with the second coming April 25 after Bored Ape Yacht Club Instagram and Discord accounts posted a fake link to an Otherside minting.

Last week, actor Seth Green became a prominent example of the type of phishing schemes that run rampant in the NFT sector, when someone successfully scammed him out of his Bored Ape.

In response to the incident Saturday, one BAYC founder blamed Discord for the lapse in security.

"Discord isn't working for Web 3 communities," Gordon Goner said in a tweet. "We need a better platform that puts security first."

However, another crypto project founder blamed the users themselves for compromising their wallets.

"You lost your NFT because you signed a malicious transaction with your key," Steve Fink wrote. "Stop blaming Discord, another client won't save you from repeating the same mistakes."

Daniel Kuhn contributed reporting to this article.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Eli Tan

Eli was a news reporter for CoinDesk. He holds ETH, SOL and AVAX.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Read more about