What You Need To Know About The Yuga Labs Discord Hack

More Bored Apes stolen, this time in a Yuga Labs Discord hack. This is what you need to know.


  • Yuga Labs Discord Hack
  • Bored Ape Yacht Club Issues

Yuga Labs Discord Hack

The official Bored Ape Yacht Club (BAYC) Discord community suffered a phishing attack yesterday. The account of BAYC’s community manager Boris Vagner was compromised, meaning it was used to send phishing emails to several members of the Discord.

“Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted,” Bored Ape Yacht Club said via Twitter. 

As the vague “200 ETH worth of NFTs” implies, the phishing attack didn’t just include BAYC NFTs — 200 ETH would only net you about two of those bad boys. According to Certik, the attack comprised many different NFT projects including Alien Frens, Mutant Ape Yacht Club, Lazy Lions, and Invisible Friends. Though, BAYC 3215 did manage to exchange hands 

Bored Ape Yacht Club told anyone affected by the phishing attack to email them. They also gave a reminder that they, “do not offer surprise mints or giveaways.”

Recommended: Immutability, Decentralization, and The Bored Ape Yacht Club

Yuga Labs And Bored Ape Yacht Club Issues

This isn’t the first time BAYC’s Discord was hacked. It’s also not just a problem for BAYC, seeing as many Discords have suffered the same attacks.

“Seems the @yugalabs hack is the increasingly common scam of promising something and then having you approve their contract to steal your NFTs,” The Ape Collector said via Twitter. “The site will scan what NFTs you have and then ask you to do a `setApprovalForAll` tx which allows them transfer your NFTs to themselves.”

In other words, the contract you sign using your wallet gives the attacker the permission to do this. Nevertheless, many still are pinning the blame on the Discord community. In this case, the reason the phishing attack was successful was because of community manager account falling into the wrong hands. Seeing him offer something outlandish didn’t raise alarm bells for some unfortunate community members.

This has led to a lot of criticism from the community, and even some suggestions on how to protect the investors better in the future.

It’s unclear if any of this would actually help. You could update the tech all you want, but scammers tend to update their methods. There is no solving for human error.

The easiest solution unfortunately comes down to using common sense. At the end of the day, a phishing attack only works if you let it work.

Recommended: Bored Ape TV Show Shut Down After Ape Stolen in Phishing Scam