The Bored Ape Yacht Club’s (BAYC ) Discord Server was compromised on June 4, 2022. A phishing scheme targeted collectors of non-fungible tokens (NFTs) holding BAYC and Mutant Ape Yacht Clubs (MAYC) and Otherside NFTs. An analysis of the Web3 and Certik blockchain auditing, security firm Certik found that the attacker to the BAYC Discord Server may have been involved with previous phishing attempts.
Blockchain Security firm Certik analyzes the BAYC Discord Phishing attack
Although many NFTs cost a lot, this makes it easier for attackers to steal them. The Bored Ape Yacht Club’s (BAYC), Discord server was compromised this week. An attacker made a phishing scheme to lure victims.
Certik, the Web3 and blockchain auditing and security firm, published an analysis of the attack and from the company’s account, the attacker may have been involved with previous phishing attempts. Blue-chip NFT owners were robbed of approximately $360K worth of NFTs. The attack took place on Saturday.
These NFTs were stolen from the Bored Ape Yacht Club, the Bored Ape Kennel Club(BAKC), Mutant Ape Yacht Clubs (MAYC) and other NFTs taken from the Otherdeed Collection. Certik’s report says the phishing site was a “carbon copy of the official projects website, yet with subtle differences.”
There were no social media links on the site and there was a tab added titled “claim free land.” After some victims were hooked by the phony phishing ad, the attacker received a number of NFTs and then proceeded to sell them.
Certik noted that the attackers were able to obtain 142 Ethereum and it is probable 100 ETH was sent by Tornado Cash, a mixing app. Certik summarises the reason why researchers think some evidence indicates that only a fraction was stolen by the hacker and may have been sent to just one address.
“Whilst it’s impossible to be certain that the 99.5 ETH redeemed by 0x2917… are the funds associated with today’s attack, it is certainly probable that these are the stolen funds post mixer due to the 20.5 ETH being sent to the depositor address,” Certik’s report notes.
The Certik researcher’s analysis adds:
The vast majority of funds went to [Externally Owned Account (EOA)] 0x5bC1…, which is where they remain at the time of writing.
The blockchain security firm says that links indicate that 0x5bC1 is likely “not only associated with the BAYC phishing attack today, but also previous phishing attacks.” The company mentioned the fact that BAYC was targeted on April 25, 2022, when an attacker compromised the NFT collection’s Instagram account.
The hacker posted a link to an airdrop scam, and he managed to get away with non-fungible tokens worth 888 Ethereum. “Users were prompted to sign a ‘safeTransferFrom’ transaction,” Certik’s report concludes. Before the Instagram attack at the end April, Mutant Ape Yacht Club #8,662 had been stolen by a scammer via the Discord channel. Recently, Seth Green fell prey to a phishing scam and his Bored Ape was stolen. Bored Ape #8,398 called “Fred” was supposed to play a role in Green’s new series called “White Horse Tavern.”
How do you feel about the BAYC scam? Comment below and let us know how you feel about the subject.
Images CreditsShutterstock. Pixabay. Wiki commons.
DisclaimerThis article serves informational purposes. This article is not intended to be a solicitation or offer to sell or buy any product, service, or company. Bitcoin.com is not a provider of investment, tax, legal or accounting advice. This article does not contain any information, products, or advice that can be used to cause or alleged result in any kind of damage.