The big-brained scammers did see April Fools Day as a great opportunity to commit hack attacks. And one of the victims is Bored Ape Yacht Club whose official discord server got compromised. The team confirmed the news via Twitter.
A phishing link was successfully posted in the Mutant Ape Kennel Club discord channel by the hacker. It was passed off as a ‘stealth NFT mint’, and later blockchain security firm Peckshield revealed that MAYC NFT #8662 was stolen during the attack.
The BAYC team did say that a webhook in their Discord server was briefly hacked. They detected it right away and warned the community to be aware that there were no April Fools stealth mints or airdrops.
Twitter user Serpent claims to have discovered the source of the hack. The real source of the hack was the Ticket Tool, according to them. Ticket tool is a popular Discord bot that generates support tickets automatically.
Ticket Tool’s official Twitter handle responded saying that a recent update made to the add command had a bug allowing for some type of permission exploit. They’ve for now reverted the update to the previous uncompromised version and will be looking into exactly how this happened.
Meanwhile, Jay Chou, a popular Taiwanese singer, claimed that his tokens were stolen in a phishing attack. As per Etherscan data, the stolen items included a BAYC, a Mutant Ape Yacht Club, two Doodles, and 169 ETH, approximately $549,000.
Given that the two occurrences happened around a day apart and involved distinct ETH wallets, it is unclear whether they are connected.
According to Twitter user zachxbt, similar phishing messages were seen on several other NFT-centric Discord channels using the same tool, including Doodles’ NFT collection. The Doodle team has not yet commented on the incident.
In a similar manner, last month NFT marketplace Rare Bears got affected when the firm’s Discord server got compromised after the hacker posted a phishing link. The hacker stole $800,000 worth of NFTs from the top collections.
