The official channel of the Bored Ape Yacht Club (BAYC) on the popular messaging service Discord was hit by a malicious tool that intended to trick users into minting fake non-fungible tokens (NFTs) from the popular Bored Ape collection, the company said in a tweet on Friday.
- “Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised,” BAYC said in a tweet. “We caught it immediately but please know: we are not doing any April Fools stealth mints/airdrops etc.”
- Security researchers said a ticket tool that verifies users and pushes channel-wide notifications was compromised. Clicking on the malicious links that enticed users to mint a limited edition NFT would lead to an illicit script that could steal a user’s NFTs and other wallet information, researchers said.
- Several other NFT-centric Discord servers, such as Doodles, Shamanzs, and Nyoki, that use the same tool saw similar phishing messages, pseudonymous blockchain research ‘zachxbt’ pointed out.
- BAYC’s Discord channel is closed to new members at the time of writing. A single NFT from BAYC’s Mutant Ape collection has been stolen thus far.
UPDATE (Apr. 1, 07:36 UTC) : Updates headline, amends reference to Discord in the lead.