It was reported on Twitter by the Bored Ape Yacht Club that their Discord server had been hacked. Fortunately, the team was able to identify and stop the hacking quickly. Additionally, the BAYC team reiterated that there would be no April Fools stealth mints or airdrops at this time, as previously stated.
In order to avoid risking their safety, BAYC followers should avoid minting anything from Discord until it is safe to do so. As of the right moment, the BAYC Discord server is locked down.
The tweet says:
STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.
— Bored Ape Yacht Club (@BoredApeYC) April 1, 2022
“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately, but please know: we are not doing any April Fools stealth mints/airdrops, etc. Other Discords are also being attacked right now.”
Definitely Not a Prank
On the Mutant Ape Kennel Club channel, the hacker provided a phishing link that led to a fake website. According to the evidence from Etherscan, the hacker was successful in stealing Mutant Ape Yacht Club #8662 from a user by disguising the connection as “stealth NFT mint.” On Opensea.io, the token is now worth 20 ETH (about $65,600).
It was stated on Twitter that the hacker may have carried out the attack through the use of Ticket Tool, a popular Discord bot that generates support tickets automatically. Rumors circulated earlier this week that the Discord hack was the result of a security flaw in the Captcha Bot. However, there has been no official confirmation of this rumor as of yet.
Some could assume it’s an April Fools’ Day hoax based on the publication date of the news story. As mentioned above, the BAYC team, on the other hand, released clarification statements confirming the attack.
The hacker posed as a stealth NFT mint in order to trick people into clicking on a phishing link. In a message posted on the Yuga Labs Discord channel, users were encouraged to stake Mutant Ape Kennel Club NFTs in order to qualify for rare Apecoin incentives. When it first happened, many people assumed it had anything to do with April Fools’ Day. Following that, customers were routed to a bogus website, where at least one NFT was stolen.
There are many discussions happening on Twitter and other social media about similar hacks on other Discord servers. As the hacker may have used a popular bot of Discord, it’s good to be cautious in Discord servers for now. There may be more breaches that result in bigger losses for users, especially NFT holders.