BAYC Says Discord Briefly Compromised, Tells Users to Avoid Discord for Minting APE NFTs
A ticket tool on Discord was briefly compromised and caught by the BAYC team in early Asian hours on Friday. It also affected other NFT projects.
Updated May 11, 2023 at 5:29 p.m. UTC
The official channel of the Bored Ape Yacht Club (BAYC) on the popular messaging service Discord was hit by a malicious tool that intended to trick users into minting fake non-fungible tokens (NFT) from the popular Bored Ape collection, the company said in a tweet on Friday.
- “Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised,” BAYC said in a tweet. “We caught it immediately but please know: we are not doing any April Fools stealth mints/airdrops etc.”
- Security researchers said a ticket tool that verifies users and pushes channel-wide notifications was compromised. Clicking on the malicious links that enticed users to mint a limited edition NFT would lead to an illicit script that could steal a user’s NFTs and other wallet information, researchers said.
- Several other NFT-centric Discord servers, such as Doodles, Shamanzs, and Nyoki, that use the same tool saw similar phishing messages, pseudonymous blockchain research ‘zachxbt’ pointed out.
- BAYC’s Discord channel is closed to new members at the time of writing. A single NFT from BAYC’s Mutant Ape collection has been stolen thus far.
- ApeCoin (APE), the token linked to BAYC, fell 8.3% in the past 24 hours amid a broader drop in the crypto market. Bitcoin (BTC) briefly lost support at $45,000, while ether slid as much as 5%.
UPDATE (April 1, 07:36 UTC) : Updates headline, amends reference to Discord in the lead.
UPDATE (April 1, 11:23 UTC): Adds a line on ApeCoin's performance in the last bullet.