The Discord server of the Bored Ape Yacht Club (BAYC) was reportedly compromised on June 4, 2022. The resulting phishing scam targeted collectors holding BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFTs. CertiK, a blockchain and Web3 auditing and security firm, believes that the attacker may have been behind several previous phishing attacks.
As a result of the phishing attack, the attacker stole 32 valuable NFTs worth almost $360,000 from blue-chip NFT holders. Yuga Labs, the creator of BAYC, wrote that the team caught and addressed the exploitation quickly. However, NFTs worth almost 200 ETH were affected by the phishing attack.
CertiK published a detailed analysis of the attack. According to the report, the phishing site was a near carbon copy of the official project's website. There were only slight differences, which NFT holders could not easily spot.
The phishing site had no social media links. There was just a tab titled ‘claim free land’, which persuaded numerous NFT holders to click on it. The attacker then received several NFTs and later sold them. After the phishing scam, Yuga Labs explicitly stated that it did not offer any giveaways or surprise mints.
CertiK believes that the ETH acquired by the hacker was sent to a single address on Tornado Cash. The report states that it was impossible to determine whether the 99.5 ETH redeemed by 0x2917 were the funds associated with the attack. However, these were probably the stolen funds, as 20.5 ETH were sent to the depositor’s address.
Moreover, most of the funds were reportedly sent to an Externally Owned Account (EOA), 0x5bC1. The report suggests that the funds were still in the account at the time of writing.
CertiK believes that this EOA was involved not only in the recent phishing attack but also in numerous previous attacks. In April, BAYC was attacked when a hacker compromised the NFT collection’s Instagram account, CertiK adds.
The April attack was a significant success for the attackers, who stole 888 ETH worth of NFTs through a scam link leading to a fake airdrop. Similarly, Seth Green, the celebrity, was the target of another scam. As a result, he lost his Bored Ape Yacht Club collection.