On June 4, 2022, the Bored Ape Yacht Club (BAYC) Discord server was compromised and a phishing scam targeting BAYC, Mutant Ape Yacht Club (MAYC), and A phishing scam targeted collectors of non-fundable tokens (NFTs) holding Otherside NFTs.According to an analysis by Certik, a Web3 and blockchain audit and security firm, the attackers of the BAYC Discord server may have been involved in a previous phishing attacks and may have been involved in previous phishing attacks.
Blockchain security firm Certik analyzes BAYC Discord phishing attack
Many NFTs are very expensive, but having a malicious attacker steal them makes them more valuable. This week, the Bored Ape Yacht Club’s (BAYC) Discord server was breached and attackers used phishing scams to lure victims.
CertikCertik, a Web3 and blockchain auditing and security firm, released an analysis of the attack and found from their accounts that the attackers may have been involved in previous phishing attempts. The attack occurred on Saturday, and a total of 32 NFTs (worth approximately $360K) were stolen from blue chip NFT holders.
The stolen NFTs come from the Bored Ape Yacht Club (BAYC), Bored Ape Kennel Club (BAKC), Mutant Ape Yacht Club (MAYC), and Otherdeed collection NFTs. Certik reports that the phishing site is “a carbon copy of the official project website, but with subtle differences.”
The site had no social media links and an additional tab titled “claim free land.” After some victims fell for the fake phishing ads, the attackers began receiving and then selling many NFTs.
The attackers managed to acquire 142 ether, which Certik notes is likely to be 100 ETHsent to the mixing application Tornado Cash. Certik notes that researchers believe the hackers acquired a portion of the ether to Tornado Cash and summarizes why he believes some evidence indicates that it may have been sent to a single address.
“While it is impossible to be certain that the 99.5ETHredeemed at 0x2917is the funds associated with today’s attack… is certain that these are the funds associated with today’s attack, it is more likely that these are the stolen funds after the mixer for 20.5 ETHhas been sent to the depositor address,” Certik’s report states, “and that the funds are not the funds associated with today’s attack.
Certik researchers’ analysis adds.
Most of the funds went to [Externally Owned Account (EOA)] , to 0x5bC1… and are still there as of this writing.
The blockchain security firm said the link to 0x5bC1 is likely “related to today’s BAYC phishing attack as well as past phishing attacks.” The company noted the fact that BAYC was targeted on April 25, 2022, when attackers compromised the NFT Collection’s Instagram account.
At that time, the hacker made off with 888 ether worth of non-fusible tokens by posting a fraudulent link to a fake airdrop.” Users were prompted to sign a “safeTransferFrom” transaction,” Certik’s report concludes.Prior to the Instagram exploit at the end of April, Mutant Ape Yacht Club #8,662 on April 1, Discord channel and was stolen via a phishing scam posted on the channel. Recently, TV personality Seth Green was the victim of a phishing scam and lost Bored Ape to the scam. Bored Ape #8,398, known as “Fred,” was supposed to be a part of Green’s new series “White Horse Tavern.
Image credits: Shutterstock, Pixabay, Wiki Commons, Otherside trailer,
