Blue-chip non-fungible token (NFT) project Bored Ape Yacht Club (BAYC) said on Saturday afternoon that its Discord servers were subject to a “brief” exploit, as 200 ETH ($357,000) worth of NFTs were ultimately stolen from users.
Screenshots posted by a Twitter user with the screen name OKHotshot show that a project community manager’s Discord account appears to have been hacked, meaning scammers could carry out a phishing attack.
“We are still investigating, but if you were impacted, email us at firstname.lastname@example.org,” the BAYC team wrote on Twitter more than 11 hours following the incident, adding a reminder that the project does not offer surprise mints or giveaways.
Yuga Labs’ co-founder Gordon Goner tweeted shortly after: “Discord isn’t working for web3 communities. We need a better platform that puts security first.”
As one of the most valuable NFT collections on the market, BAYC has become a sweet spot for hackers and snipers over the last year.
In April, the project’s Instagram account was hacked to much worse effect, with 91 NFTs worth at least $2.8 million taken from users. When the Instagram account was accessed, it was used to post a fake update claiming there was a LAND airdrop and users had to connect their wallets to claim the airdrop.
Alongside this, many Bored Ape holders along with owners of other popular collections saw their holdings sniped at prices much lower than their market value due to an OpenSea UX bug earlier in the year.
Bored Ape floor prices have been in steady decline since the project’s 153 ETH peak of late April. The changing market dynamics have affected not just the floor price but also the volume of sales.