Yuga Labs’ Discord servers were recently exploited, resulting in the loss of NFTs worth 200 ETH, around $361,000. Yuga Labs confirmed the exploit 11 hours later, saying it had recovered the hacked account but failed to recover the NFTs. With so many exploits on Discord servers, is it really the best platform to form communities for NFT projects?
For the past few weeks, phishing attacks have become quite frequent on Discord servers. Just recently, the Solana WOS Discord server was hacked, which caused a huge loss to its members. Furthermore, Seth Green was also a victim of a phishing attack that sabotaged his upcoming NFT-based animated show.
Members of Yuga Labs’ Discord servers also couldn’t escape this wave of phishing attacks.
Yuga Labs Discord suffers from a 200 ETH NFT exploit
On Saturday, someone hacked into the Discord account of the project’s Community Manager, Boris Vagner, which gave them access to the private Discord servers for BAYC, MAYC, and Otherside. Since Vagner was a manager, no one would really suspect anything if he shared a link in the chats, and that’s exactly what happened.
Through the manager’s account, the hacker posted a phishing link with messages advertising giveaway events only for BAYC, MAYC, and Otherside NFT holders. The users fell into the trap quite easily and clicked on the link, which led them to a site asking for login details. Once they logged in, the attacker swiped their wallets clean of NFTs and ETH.
Although many experts and traders have advised NFT holders to never click on any suspicious link even if it’s from a trusted source, no one suspected a link from the project’s officially appointed manager.
The hack was first reported by a Twitter user, NFTherder. According to him, 145 ETH worth of NFTs, around $260,000, got stolen from four wallets through the phishing link. The news spread through the community like wildfire, but it was too late for those who had already clicked on the link.
11 hours later, Yuga Labs officially tweeted to confirm the exploit:
Spoiled Banana Society Discord makes a narrow escape
The creator behind BAYC shared that the attacker didn’t stop at the Bored Ape server, but also posted a phishing link on the Discord server of Vagner brother’s NFT project, Spoiled Banana Society (SPS).
Since Vagner is also a manager for that project, it was easier for the attacker to post links. However, the message was immediately deleted.
As of now, SPS users haven’t reported any NFT loss, but the management asked members to email them immediately if someone did fall victim to the attack.
Yuga Labs marks third-time exploit
The recent hack isn’t the first one to happen. Yuga Labs’ Discord has already suffered losses twice due to bad actors. Is it really a good choice for Yuga Labs to keep operating its community on Discord?
Although Discord has always claimed high security on its servers, this third exploit on the same server is quite alarming for the NFT holders.
The first exploit happened on April 1, 2022. An attacker stole Mutant Ape Yacht Club #8662 by posting a phishing link in the server’s chat. On April 25th, a second exploit happened on both BAYC’s Instagram and Discord, where the scammer posted a phishing link for Otherside minting. The BAYC creator lost $2.8 million worth of NFTs.
For the second hack, Yuga Labs claimed that two-factor authentication was enabled on its Instagram account, but the hackers still managed to hack it and scam people.
Since Yuga Labs is now the creator of top NFT collections, it is essential for them to prioritize the safety of their NFT holders, or else they might easily lose the trust of traders.
Is Discord really a safe platform?
With so many exploits happening, the question arises: is Discord really a safe platform for NFT holders?
Twitter user Gordon Goner tweeted about this issue and asserted that Web3 companies should now look for a better platform to form communities. He said, “Discord isn’t working for web3 communities. We need a better platform that puts security first.”
On the other hand, some experts blame the users for falling for phishing attacks every time. A Twitter account, Steve Fink, wrote:
The Yuga Labs Discord is in complete chaos right now because members weren’t able to recover their NFTs and are patiently waiting for the company to solve this exploit.
Similar attacks have happened to many Discord servers. User NFTherder shared a list of 70 Discord servers belonging to different Web3 and NFT projects that were hacked or exploited in May 2022 alone.
This means that NFT holders are not safe even inside a private Discord community, because attackers will find a way to steal NFTs one way or another.
In the case of the Solana NFT Discord hack, the members successfully scammed the hacker and recovered all stolen NFTs. The Yuga Labs community hasn’t shared any updates on the exploits over the last two months, so no one really knows what will happen.
Until project creators offer their members a better and safer solution, the only way to protect yourself from this wave of phishing attacks is to trust no link shared on the social site and to always double-check a link before typing in personal details.