Multiple major NFT projects, including the Bored Ape Yacht Club, Nyoki and Shamanz, all had their Discord servers hacked early Friday morning by scammers trying to trick users into handing over their NFTs.
The three clubs confirmed that their Discord servers were hacked in tweets. Independent blockchain investigator Zachxbt shared screenshots indicating that Doodles and Kaiju Kingz’s Discord servers were also targeted.
The main objective of the hack was to get users to link on a link to mint a fake NFT by sending ETH or, in some cases, an NFT to wrap into a token.
Not the first attack, and it might not be the last
The BAYC Twitter account sent out a warning asking people not to mint anything from their Discord at the moment, stating that a webhook on their Discord server was “briefly compromised”. Nyoki Club also tweeted about the hack, saying that the attackers were able to send a fake mint website as an announcement by using one founder’s access tokens. They further added that any losses would be covered.
So far, two wallet addresses have been tied to the hacks labelled as Fake_Phishing5519 and Fake_Phishing5520 on Etherscan, a blockchain exploring platform. At least one Mutant Ape Yacht Club NFT was stolen and sold off by the 5519 wallets, sending 19.85 ETH to the 5520 wallets.
The 5520 wallets, in return, sent 61 ETH to Tornado Cash, a mixing service that improves transaction privacy by breaking the on-chain link between source and destination addresses. The last transaction from this wallet is a transfer of 0.6 ETH to a previously inactive wallet that then forwarded that amount to another active wallet currently holding 1,447 ETH, six million Tether coins and several other tokens.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.