2 years ago
On June 4, 2022, the Bored Ape Yacht Club (BAYC) Discord server was compromised and a phishing scam targeted non-fungible token (NFT) collectors holding BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFTs. According to an investigation by the Web3 and blockchain auditing and information steadfast Certik, the BAYC Discord server attacker whitethorn person been progressive successful erstwhile phishing attacks.
Blockchain Security Firm Certik Analyzes the BAYC Discord Phishing Attack
While galore NFTs are precise expensive, it makes them each the much worthwhile for malicious attackers to bargain them. This week the Bored Ape Yacht Club (BAYC) Discord server was breached and an attacker utilized a phishing scam to lure victims.
Certik, the Web3 and blockchain auditing and information firm, published an investigation of the onslaught and from the company’s account, the attacker whitethorn person been progressive with erstwhile phishing attempts. The onslaught occurred connected Saturday and a full of 32 NFTs valued astatine astir $360K were stolen from blue-chip NFT holders.
The NFTs stolen stemmed from the Bored Ape Yacht Club (BAYC), the Bored Ape Kennel Club (BAKC), Mutant Ape Yacht Club (MAYC), and NFTs from the Otherdeed collection. Certik’s study says the phishing tract was a “carbon transcript of the authoritative projects website, yet with subtle differences.”
There were nary societal media links connected the tract and determination was a tab added titled “claim escaped land.” After immoderate victims were hooked by the phony phishing ad, the attacker received a fig of NFTs and past proceeded to merchantability them.
The attackers managed to get 142 ether and Certik notes that it is apt 100 ETH was sent to the mixing exertion Tornado Cash. Certik summarizes wherefore the researchers judge immoderate grounds shows that a fraction of ether the hacker acquired was sent to Tornado Cash and perchance sent to 1 address.
“Whilst it’s intolerable to beryllium definite that the 99.5 ETH redeemed by 0x2917… are the funds associated with today’s attack, it is surely probable that these are the stolen funds station mixer owed to the 20.5 ETH being sent to the depositor address,” Certik’s study notes.
The Certik researcher’s investigation adds:
The bulk of the funds were sent to [Externally Owned Account (EOA)] 0x5bC1…, which is wherever they stay astatine the clip of writing.
The blockchain information steadfast says that links bespeak that 0x5bC1 is apt “not lone associated with the BAYC phishing onslaught today, but besides erstwhile phishing attacks.” The institution mentioned the information that BAYC was targeted connected April 25, 2022, erstwhile an attacker compromised the NFT collection’s Instagram account.
At that time, the hacker got distant with 888 ether worthy of non-fungible tokens by posting a scam nexus to a fake airdrop. “Users were prompted to motion a ‘safeTransferFrom’ transaction,” Certik’s study concludes. Prior to the Instagram exploit astatine the extremity of April, connected the archetypal time of April, Mutant Ape Yacht Club #8,662 was stolen via a phishing scam posted to the Discord channel. The personage Seth Green precocious fell unfortunate to a phishing onslaught and mislaid his Bored Ape to the scam. Bored Ape #8,398 called “Fred” was expected to play a relation successful Green’s caller bid called “White Horse Tavern.”
What bash you deliberation astir the caller BAYC phishing scam? Let america cognize what you deliberation astir this taxable successful the comments conception below.
English (US) 