How to avoid NFT scams


Yuga Labs, the creator of Bored Ape Yacht Club and Otherside, has confirmed its Discord server was hacked over the weekend, and 200 ETH worth of NFTs have been stolen. This keeps happening. But why?

How to avoid Discord scams

First, let’s understand how the hack happened. Discord is a fairly standard chat platform with full 2-factor authentication support and all the traditional security bells and whistles. But Discord is also a casual tool used by gamers and crypto fans primarily for its ease of use. While Slack is geared toward a business audience, Discord is for those looking for a quick and dirty solution to chatting online.

Slack forces a fairly complete and secure sign-in process, for example, and notifies users when “outsiders” or guests are visiting a Slack instance. Discord, on the other hand, allows for quick and easy sign-ins by anyone. Again, this isn’t a problem but a feature. Discord is supposed to be easy.

This means, however, that a compromised account can wreak havoc on a popular room, just as it can in a Telegram or Signal room. Further, mods like Yuga Labs Community and Social Manager Boris Vagner have a great deal of power inside a room they own. When one of their accounts says something in a room, there are hundreds or even thousands of eager users who are willing to follow instructions.

In Yuga Labs’ case, the hackers accessed Vagner’s Discord account and posted phishing links promoting an exclusive giveaway. According to the post, the special offer was only available to holders of Bored Ape Yacht Club, Mutant Ape Yacht Club, and Otherside NFTs, thus targeting only people who already had NFTs in their wallets.

Those that chose to take advantage of the offer had to provide login information in order to take part in the giveaway. The hackers could then access their holdings.

Three tips for staying secure on Discord

First, never click any links in Discord, especially links that purport to offer mints or giveaways. There is no such thing as free NFTs, nor are “wow OMG $500 in Litecoin from Elon Musk” offers real. Repeat after me: there are no giveaways. Ever. Perhaps you know the developer of an NFT and they want to give you a Goblin Ass or something. Give them your wallet address and nothing more. There is no situation in which a serious NFT producer would request your login information.

Next, your Metamask or wallet is sacred. There should be no situation in which you need to log in to your Metamask wallet to access any free NFT. There may be situations in which you need to use Metamask authentication to log in, but that’s it. The average scammer is sly but stupid. They will require something unusual from you when you try to take advantage of their offer. Stay vigilant.

Stay out of Discord entirely. If we’re being honest there is little going on in project discords except excitable pumps and needless chatter. There might be a situation in which the NFT producer offers a “mutation” or other silliness but the vast majority of the time you’ll be faced with a cavalcade of “2 the m00n!” and “I love this project!” Those who talk about NFT projects are rarely in it for the love of the game just as anyone talking up a particular Vegas casino is in it because the steaks at the restaurant are great. There’s always an ulterior motive.

In short, Discord is not to be trusted. It’s too easy to hack, too easy to spoof, and too noisy to be of value to the average user. Keep your wits about you.

And it’s not just Discord.

In fact, this is not the first BAYC-related scam this year. Just in April, BAYC’s Discord channels were hacked. The same month, BAYC’s Instagram account was compromised in a nearly identical hack, allowing hackers to access people’s wallets and steal approximately $3 million worth of NFTs.

However, there is clearly a bigger issue around NFT security. Back in March, the Rare Bears Discord server was compromised, and holders of Rare Bears NFTs got scammed out of $800,000 worth of NFTs. In May, hackers promoted a non-existent YouTube partnership on OpenSea Discord, posting a phishing link. Still in May, 29 Moonbirds worth $1.5 million were stolen. Again, all that was needed was one bad link.

While it’s clear NFT holders need to remain vigilant over their crypto wallets, the prominence of social media scams is also astounding, and it begs the question: Who is to blame?

According to one of the BAYC founders Gordon Goner, the hacks are Discord’s fault, completely pushing the blame away from Yuga Labs. Following the attack, Goner tweeted, “Discord isn’t working for Web3 communities. We need a better platform that puts security first.”

While we do not know what sort of security measures Yuga Labs installed following the April hacks, it’s clear they were not enough. Goner might be right in saying that the metaverse deserves a more secure platform for communication purposes. However, as long as companies use popular platforms like Discord, Instagram, and Twitter, it is also their duty to ensure their security and the security of the NFT holders.

Keep your wits about you, Metaverse explorer, and stay safe.


Karolina Gaszcz

Karolina is a writer and journalist with a background in literary studies. She loves exciting tech solutions and art, and NFTs are often a perfect amalgamation of the two. Outside of work, she’s a plant mom, a vintage fashion enthusiast, and a gamer.
