Bobos & Wojaks

Bored Ape Yacht Club Discord Server Got Hacked

Multiple Discord servers, including the Bored Ape Yacht Club’s, have been hacked. Hackers appear to have taken advantage of a recent Ticket Tool Discord bot upgrade to distribute phishing URLs across many servers.

High-value NFTs were taken as a result of a Discord-related security vulnerability. The Bored Ape Yacht Club, Doodles, and several other major NFT collections’ Discord servers were hacked early Friday morning, leaving the NFT community in disarray.

At 6:19 UTC, a message appeared on the Bored Ape server announcing a new “Mutant Ape Kennel Club” collection along with a false minting link. Users who clicked the link signed transactions giving the hacker permission to take their NFTs from their wallets. Despite the bad timing, this wasn’t an April Fool’s joke: the hacker had discovered an issue in a popular Discord bot that allowed him to infiltrate servers and publish links in restricted channels without the consent of the server operator.

A similar message was also posted on the Doodles Discord server, advising users of a new “genesis mint” with a limited supply. Users who followed the link in the Bored Ape Discord post and attempted to mint would have the NFTs in their wallets moved out by the hacker.

The attack was soon announced on the official Bored Ape Yacht Club Twitter feed. “A webhook in our Discord was temporarily hacked. We detected it right away, but please be aware that we will not be conducting any April Fools stealth mints / airdrops, etc,” the post stated.

SerpentAU, an NFT fan and DAPE co-founder, first claimed on Twitter that the servers had been hacked because the owner of the widely used Discord Captcha Bot had been hijacked, citing “inside knowledge” obtained from one of the hackers. They later confirmed, however, that an issue in a different Discord bot called Ticket Tool allowed hackers to infiltrate servers using it. The official Ticket Tool Twitter account responded to SerpentAU’s post by stating that the upgrade that created the exploit had been revoked.
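A detection check for the pattern described above, where a bot or webhook posts an off-site link in a restricted channel. This is an added example, not code from Discord, Ticket Tool or anyone quoted in the article; the message fields, channel names and `.example` hosts are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
# Constructed values: hosts the project really publishes on, and staff-only channels.
OFFICIAL_HOSTS = {"official-project.example"}
RESTRICTED_CHANNELS = {"announcements", "official-links"}

def is_official(host):
    """Exact host or a true subdomain of an allowlisted host, never a substring match."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)

def link_hosts(text):
    """Return the normalised hostname of every http(s) URL in a message body."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            hosts.append((urlsplit(url).hostname or "").rstrip("."))
        except ValueError:
            hosts.append("")  # unparsable URL: empty host, never allowlisted
    return hosts

def flag_messages(messages):
    """Flag bot or webhook posts in restricted channels that link off the allowlist."""
    alerts = []
    for m in messages:
        automated = m.get("webhook_id") or m.get("author_is_bot")
        if m["channel"] in RESTRICTED_CHANNELS and automated:
            bad = [h for h in link_hosts(m["content"]) if not is_official(h)]
            if bad:
                alerts.append((m["id"], bad))
    return alerts

# Constructed sample messages (not taken from the incident).
SAMPLE = [
    {"id": 1, "channel": "announcements", "webhook_id": "wh-1",
     "content": "Stealth mint: https://official-project.example.mint-drop.example/claim"},
    {"id": 2, "channel": "announcements", "author_is_bot": True,
     "content": "Roadmap: https://www.official-project.example/roadmap"},
    {"id": 3, "channel": "general", "author_is_bot": False,
     "content": "check https://random-site.example"},
    {"id": 4, "channel": "official-links", "webhook_id": "wh-2",
     "content": "Genesis mint, limited supply! HTTPS://Mint-Drop.example./now"},
]

if __name__ == "__main__":
    for msg_id, hosts in flag_messages(SAMPLE):
        print(f"ALERT message {msg_id}: unlisted host(s) {hosts}")
```

Message 1 shows why the allowlist match is on the host suffix rather than a substring: the official name appears in the URL, but only as a label under a different registered domain.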

The hacker stole at least one Bored Ape, one Mutant Ape, and two Doodles NFTs, according to blockchain security firm PeckShield. The hacker has since sold or transferred all four NFTs, according to transaction data. 

This is not the first time collectors have lost NFTs and cryptocurrency as a result of compromised Discord servers. When a server bot was compromised in February, members of the Doodles Discord channel fell prey to phishing links, resulting in some people losing their Doodles NFTs.