Yuga Labs has just suffered a new major attack, the latter having brought more than 360,000 dollars to hackers.
NFTs have been in the news for more than a year, but after the excitement of the beginning, the flip side seems difficult to take, especially for the Bored Ape Yacht Club, the most valued collection of NFTs today with authenticated images worth several hundred thousand euros.
This collection, extremely popular, is the source of admiration, but also of criticism and attacks. One of the latest to date managed to embezzle nearly $360,000, making it the most profitable passing attack against NFTs in the young history of these digital tokens.
Losing over 200 ETH, the Bored Ape Yacht Club suffered the worst attack in its very young history. According to the first information we have, a BAYC and two “Mutant Ape” would have been sold illegally during the attack, which allowed the pirate to leave with a bonanza of more than 350,000 dollars.
According to the magazine Fortune, the attack would have started with a simple passing attempt. The latter would have managed to enter the Discord account of Boris Vagner, the Community manager of the project.
A masterfully prepared attack
Once hidden by Vagner’s pseudonym, the hackers then launched fake links in official BAYC conversations. But not everyone fell into the trap, and very quickly the user NFTherder spotted the deception.
According to him, the fake site (which was posing as the Otherside metaverse) was actually linked to four digital wallets with an aggregate estimate of around 145 ETH.
Shortly after this discovery, Yuga Labs, which is behind the collection, confirmed the attack on its twitter account. They are explained that 200 ETH had been stolen. If they claim to have launched an investigation, it is unlikely that the money and the cryptocurrencies will ever be found.
This attack is much talked about by its magnitude, but also because it is not the first. Indeed, this is the second time in as many months that Yuga Labs has been the victim of an external attack. During the first attack, a user had managed to break the captcha used and thus steal millions of dollars in NFT.
Pedagogy: the only solution for Yuga Labs?
Acts of this kind are also very numerous, and Yuga Labs, if cybersecurity necessarily raises questions, is not the only company concerned. In effect, VICE estimates that attacks on the decentralized finance market represent $14 billion in 2021, a figure that is likely to explode in 2022.
Yuga Labs has tried to calm its users down, while doing a bit of education. In a tweet a few hours after the attack, the company announced that it never made surprise gifts to its members or other “giveaways”. However, this is what the fake Discord message claimed that raised nearly $350,000 from the hackers.