The Discord servers of the Bored Ape Yacht Club and several other NFT collections were compromised Friday morning.
A hacker exploited an update to the widely-used Ticket Tool bot to post fake minting links.
The hacker stole at least four NFTs from the Bored Ape, Mutant Ape, and Doodles collections.
Several Discord servers, including that of the Bored Ape Yacht Club, have been compromised. Hackers appear to have exploited a recent Ticket Tool Discord bot update to post phishing links across multiple servers.
NFTs Lost Through Discord Hack
A Discord-related security breach has resulted in high-value NFTs being stolen.
The Discord servers of the Bored Ape Yacht Club, Doodles, and several other prominent NFT collections were compromised early Friday morning, leaving the NFT community reeling.
A message appeared in the Bored Ape server at 6:19 UTC informing users of a new “Mutant Ape Kennel Club” collection and posting a fake minting link. Unsuspecting users who clicked the link signed transactions that gave the hacker the right to transfer their NFTs from their wallets. Despite the unfortunate timing, this wasn’t an April Fools’ joke—the hacker had managed to find an exploit in a popular Discord bot to infiltrate servers and post links in restricted channels without the server admin’s permission.
The hacker’s fake Discord post. Source: @cubedmeta
The hacker also posted a similar message in the Doodles Discord server, informing users of a new “genesis mint” with a limited supply. As with the link in the Bored Ape Discord post, those who clicked on it and tried to mint would have the NFTs in their wallets transferred out by the hacker.
The official Bored Ape Yacht Club Twitter account quickly informed followers of the attack. “A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc,” the post read.
NFT enthusiast and DAPE co-founder SerpentAU initially posted on Twitter that the servers had been compromised because the owner of the widely-used Discord Captcha Bot was hacked, citing “inside information” received from one of the hackers. However, they later confirmed that an exploit in a different Discord bot, Ticket Tool, allowed hackers to infiltrate servers. In response to SerpentAU’s post, the official Ticket Tool Twitter account stated that the update that caused the exploit had since been reverted.
According to the blockchain security firm PeckShield, at least one Bored Ape, one Mutant Ape, and two Doodles NFTs were stolen by the hacker. Transaction data shows that the hacker has since sold or transferred all four NFTs.
Today’s incident is not the first time collectors have lost NFTs and cryptocurrency due to compromised Discord servers. In February, members of the Doodles Discord server fell victim to phishing links when a server bot was hacked, resulting in several members losing their Doodles NFTs.
However, thefts of high-value non-fungibles have not been limited to Discord. Also in February, a phishing email scam targeting OpenSea users resulted in over $3 million worth of NFTs being stolen from collections such as Bored Ape Yacht Club, Doodles, and Azuki.
As NFTs surge in value, their owners will likely continue to be targeted by scams. Those operating Discord servers will need to take extra precautions to protect their communities from further attacks.
Disclosure: At the time of writing this piece, the author owned ETH and several other cryptocurrencies.