An account compromise allowed fraudsters to post phishing links on a trusted Discord server.
Threat actors successfully scammed victims out of cryptocurrency and non-fungible tokens (NFTs) after compromising a Discord server run by Bored Ape Yacht Club (BAYC) creator Yuga Labs.
According to OKHotshot, an NFT security researcher, threat actors breached an account of Boris Vagner, a community manager of the Yuga Labs Discord server. Scammers used the breached account to post links to phishing sites, tricking victims into selling their NFTs.
BAYC acknowledged that an attack had happened, claiming around 200 Ethereum-worth of NFTs and cryptocurrency were ‘impacted.’
The phishing message promised an exclusive giveaway with a message that only users owning NFTs from Yuga Club could participate in the event. Holders were prompted to enter their credentials on a phishing site which eventually resulted in financial losses.
“As a reminder, we do not offer surprise mints or giveaways,” the official BAYC account tweeted.
At the end of April, hackers breached BAYC’s Instagram account and shared phishing links that resulted in followers losing close to $3 million in cryptocurrency.
According to the Federal Trade Commission (FTC), scammers are cashing in on the crypto craze, with thousands of people reporting over a $1 billion loss in various crypto scams.
More from Cybernews:
Subscribe to our newsletter