A hacker took advantage of a security breach to steal the equivalent of more than $350,000 from the Bored Ape Yacht Club’s Discord server. The event aroused the indignation and annoyance of Gordon Goner, co-founder of BAYC. He pointed to the platform's lack of security and accused it of being responsible for this hack, which affected both BAYC and Otherside. But can we really blame Discord?
How did this hack happen?
Like most hacks taking place on Discord, this one followed a phishing attack. Specifically, the Discord account of the project’s Community Manager, Boris Vagner, was hacked by the scammer, who then used it to post a link to a supposed giveaway in the server’s official channels.
Of course, this was in no way an official link, and anyone who signed a transaction with their wallet was fully exposed and risked having that wallet emptied. In the end, the hacker had time to steal 32 NFTs, for a total of 200 ETH. These NFTs included 1 Bored Ape, 2 Mutant Apes, 5 Otherdeed, and 1 Goblintown, among others.
Can we really blame Discord for this mishap?
While the co-founder of Bored Ape Yacht Club hasn’t been shy about criticizing Discord for its alleged lack of security, saying that “Discord is not a good platform for web3 communities”, there are many people who don’t agree with this point of view.
This is particularly the case of OkHotshot, a Twitter user specializing in blockchain security, who claims that Discord is not to blame and that phishing attacks can happen on any platform.
This point of view is defensible, insofar as BAYC has already been the victim of a similar attack in the past, but through Instagram. That attack did even more damage, since the equivalent of 2.8 million dollars was stolen.
Also according to OkHotshot, this attack was “avoidable” and only occurred following a lack of vigilance on the part of the founders and the Community Manager. The account could only have been hacked after the latter clicked on a dubious link.
Vigilance should always be required
It is true that the lack of vigilance, whether on the part of users or founders, is the reason for many hacks, especially when these occur on Discord.
The best way to protect yourself against this is to systematically check the links you click on, even if they come from accounts you trust completely. Those accounts can themselves be victims of hacking.
Finally, many people in the NFT community are rightly wondering about the means used by Bored Ape Yacht Club to ensure maximum safety for its members. The project has colossal resources and could very well set up a team of security experts with the aim of minimizing these risks, which unfortunately seem to be recurrent, even inevitable.