The Discord server of Bored Ape Yacht Club — the largest NFT collection by market cap — was compromised today, the team confirmed in a Twitter post.
An unknown hacker gained access to the official Discord meant to host members of Bored Ape Yacht Club, Mutant Ape Yacht Club and Mutant Ape Kennel Club, three NFT collections from Yuga Labs.
The hacker successfully posted a phishing link in the Mutant Ape Kennel Club channel. It was disguised as a ‘stealth NFT mint’ and was used to steal Mutant Ape Yacht Club #8662 from one user, according to security firm PeckShield.
The BAYC team said in its tweet that it had ‘caught’ the issue immediately. Nevertheless, the team cautioned users not to mint any NFT using a link posted on its Discord and reminded observers that it had no plans for any April Fools stealth mints.
“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised,” BAYC wrote in its tweet. “We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.”
It has been reported the hacker may have carried out the attack via Ticket Tool, a popular Discord bot that automatically generates support tickets.
Twitter users have warned about a similar exploit on the Discord server of Doodles, another popular NFT collection, but the Doodles team is yet to comment.
Compromising Discord accounts is a common route hackers take to execute phishing attacks on NFTs collectors. Just a few weeks ago, a newly launched NFT collection Rare Bears said its members fell victim to a similar incident and lost assets over $790,000.