The news was first reported by Twitter user NFTherder, who estimated funds worth 145 ETH were transferred to 4 different wallets.
Yuga Labs, the holding firm of BAYC, later confirmed the breach on Twitter 11 hours after the hack and tweeted as a response…
Earlier the day, the Discord account of the project’s community manager, Boris Vagner, was compromised. The attacker then used Vagner’s account to post phishing links on BAYC and its metaverse project, Othersider’s Discord channels. Collectors were tricked into transferring the NFT assets to the attacker’s address via the malicious link.
Vagner was recently promoted to social and community manager for the project in February. He is also Spoiled Banana Society’s (SBS) manager, an NFT fantasy football club. Vagner co-founded SBS with his brother Richard Vagner, the Grammy-winning multi-instrumentalist. The attacker also posted malicious links on the SBS Discord channel. However, there were reportedly no damages.
Questions have started to crop up after the breach related to the project’s security and how the Discord account of such a big project, like BAYC, can be compromised. Even though proper security measures were active, including two-factor authentication, the attacker allegedly exploited the Vagner’s Discord ID token – to gain access to his account.
BAYC is one of the most influential NFT projects, along with CryptoPunks. It has a collection of 10,000 NFTs. Collectors including Eminem, Steph Curry, and Mark Cuban are holders of the esteemed project. The average sales value of each NFT stood at $218,850 for May, a 60% drop from its all-time highs.
Numerous hacks in the BAYC project have been reported lately. Yuga Labs’ social media platforms were the subject of two major hacks in April, with actor and producer Seth Green having his NFT stolen last month.
Users have taken to Twitter to express their concerns and vent anger at the recurring attacks and security breaches. “They (BAYC) should consider investing in a full-time security manager,” a user tweeted in the breach’s aftermath. “Surprised they haven’t already though.”