Hackers Stole A Stunning Amount Of Bored Ape Yacht Club NFTs

Hackers stole more than $350,000 worth of Bored Ape Yacht Club NFTs in a phishing scam, the third to target Yuga Labs in just under three months. Popular NFT developer Yuga Labs recently tweeted that its official Discord servers were "briefly exploited," leading to NFTs amounting to about 200 ETH being "impacted" in the process. This is now the third time Yuga Labs has been successfully attacked by hackers since April (via Insider).

Both of the previous incidents stemmed from phishing attacks as well, with the second involving fake minting links. In an attempt to prevent users from falling victim to further scams of this kind, Yuga Labs posted a tweet reminding users that it doesn't offer any surprise minting or giveaways. The thing is, it was the Discord account of Yuga Labs' own community manager, Boris Vagner, that was infiltrated and used to post various phishing links on the official Bored Ape Yacht Club account in the first place.

Phishing attacks are commonplace in NFTs

There's a good reason hackers are constantly targeting Yuga Labs, as its Bored Ape Yacht Club collection has become an established platform garnering thousands of users on a regular basis. Ari Redbord, Head of Legal Affairs for blockchain intelligence company TRM Labs, said it's "not a surprise" that Yuga Labs was victimized given its comprehensive NFT collection, the majority of which has been traded for upwards of hundreds of thousands of dollars' worth of cryptocurrency (via Yahoo). That said, Redbord urged users to be extra cautious and to report such scams, as these operations are now "becoming more and more organized."

TRM Labs highlighted the various phases that may take place in NFT phishing scams, which can come in various forms. These include emails, DMs in Discord or similar messaging platforms, ads in virtual wallets, and even impersonated staff of NFT exchange platforms. Hackers pressure victims to act fast by luring them with valuable NFTs that turn out to be non-existent. Attackers then use a bait-and-switch contract: victims sign a fake contract that tricks them into thinking they're gaining ownership of the so-called NFT, when signing it actually gives the attackers access to their wallets.

Recent NFT scams have been absurdly lucrative

NFT scams have accrued millions of dollars within the past few years alone. Many of these NFT phishing scams involve hackers pretending to be reputable community members or project developers to gain the trust of victims. In 2021, NFT trader Jeff Nicholas inadvertently gave away 150 ETH to hackers acting as an official support team for the popular NFT exchange platform OpenSea (via The Verge). Another victim, Sohrob Farudi, lost 250 ETH to scammers claiming to be Bored Ape Yacht Club founders.

Attackers reportedly used methods similar to the bait-and-switch contracts mentioned above to mislead buyers into thinking they were buying NFTs, only to have them effectively open their cryptocurrency wallets to theft, exposing their personal information in the process. TRM Labs suggests that users should never sign transactions they don't fully trust, as the mere act can immediately give hackers access to all their digital assets. The blockchain firm advises NFT collectors to never give their private keys or seed phrases to anyone for any reason. This goes without saying: don't talk to strangers without first verifying who they actually are, especially in a virtual space where just about anyone can easily claim to be whoever they wish.