Bored Apes Creator Warns of Threat Group Targeting NFT Communities

Attackers have targeted wallets hosting several high-profile NFT collections in the past few months.

AccessTimeIconJul 19, 2022 at 2:27 p.m. UTC
Updated Jul 19, 2022 at 3:57 p.m. UTC

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

Yuga Labs, the development studio behind popular non-fungible tokens (NFT) collections such as the Bored Apes Yacht Club, warned in a tweet Monday of a group of attackers targeting the NFT community.

“Our security team has been tracking a persistent threat group that targets the NFT community,” Yuga developers tweeted. “We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts.”

Yuga Labs did not respond to requests asking for more specific information at writing time. However, the warning came as millions of dollars worth of NFT exploits have occurred in the past few months.

The past weekend saw over $375,000 worth of ether (ETH) and 314 NFTs stolen from Premint NFT, a popular NFT platform. An investigation by security firm CertiK revealed the threat actors planted a malicious JavaScript code on the premint.xyz website. The script was designed to instruct users to “set approvals for all” when connecting their wallets to the site, which allowed attackers to access all assets in the user’s wallets.

“While the malicious file is no longer available due to the Domain Name Server no longer existing, the effects of the attack are visible on-chain," read a statement from CertiK at the time. "In total, six externally owned accounts (EOA) are directly associated with the attack, with approximately 275 ETH stolen (~$375K).

The firm added that attackers “exploit the centralization issues and single-points of failure” that come with crypto projects relying on centralized internet infrastructures. “Hacks of this kind are becoming increasingly popular,” CertiK said. “There has been a marked increase in attackers targeting other official accounts such as social media platforms to conduct exploits.”

The Premint attack came nearly a week after attackers stole over $1.4 million worth of ether from Omni Protocol, an NFT platform that allows users to take loans against their NFTs.

That followed a May attack when users of NFT marketplace OpenSea received false promotional messages on the project’s Discord channel, which led community members to a fake site that ultimately drained user wallets after clicking on a malicious link.

In April, the Bored Apes’ Instagram account and Discord server were exploited with an unofficial "mint" link sent out to followers. The fraudulent link claimed that users could mint "land" in the then-upcoming OthersideMeta, as previously reported.

In a separate April incident, attackers exploited a now-fixed design flaw in the Rarible NFT marketplace to steal a Bored Ape NFT from Taiwanese singer and actor Jay Chou and sell it for over $500,000.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.