The team confirmed in a Twitter post today that the Discord server of Bored Ape Yacht Club, the largest collection of NFTs by market cap, has been hacked.
An unknown hacker has gained access to Yuga Labs’ official Discord, home to members of the three NFT collections, the Bored Ape Yacht Club, the Mutant Ape Yacht Club, and the Mutant Ape Kennel Club. The hacker successfully posted a phishing link on the Mutant Ape Kennel Club channel. According to security firm PeckShield, the attack was done as a ‘secret NFT mint’ and was used to steal the Mutant Ape Yacht Club #8662 from a user.
The BAYC team said in its tweet that it immediately ‘catch up’ on the issue. Still, the team warned users not to print any NFTs using a link posted on their Discord, and reminded observers that they have no plans for any April Fools’ pranks.
Twitter users have warned of a similar exploit on Doodles’ Discord server, another popular NFT collection, but the Doodles team has yet to comment.
Using Discord accounts is a common way hackers use to carry out phishing attacks against NFT aggregators. Just a few weeks ago, a newly launched NFT collection Rare Bears said its members fell victim to a similar incident and over $790,000 in assets were stolen.