Bored Ape Yacht Club dealt with this issue swiftly and then issued a statement saying “...A webhook in our Discord was briefly compromised…other Discords are also being attacked right now.” The hacker posted an “...April Fools stealth mint…” to get users to connect to a website that would then take their assets from their wallet upon approving the site.
It is being speculated that this attack was premeditated and deployed with the arrival of April Fools Day.
STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.— Bored Ape Yacht Club (@BoredApeYC) April 1, 2022
The Kaiju Kingz Discord was also compromised.
Community members were notified of a Legendary Genesis Mint for 0.05 ETH with a supply of only 100 to provoke users to act quickly on the mint.
The hacker posted a note in the message stating “be sure to approve when minting…” to make sure that the targeted users gave permission to have their wallets drained.
The reported attack vector is a popular Discord bot, Captcha.bot, used to help verify the users are real humans.
Users seeking additional protections can head to User Settings in Discord, select Authorized Apps and remove Captcha.bot permissions from their account.
I have received inside information from one of the hackers.— Serpent (@SerpentAU) April 1, 2022
🚨 THE OFFICIAL CAPTCHA BOT IS HACKED, REMOVE IT FROM YOUR SERVER 🚨
BAYC & Doodles have already been hacked within the last 30 minutes but MANY MORE SERVERS WILL BE HACKED. pic.twitter.com/eEVjsxCyre
Other sources suspect the hacks may have compromised, Ticket Tool, another Discord bot. It has been heavily recommended that NFT communities remove this bot from their Discord to prevent any possible compromise of the server.
THIS IS 100% CONFIRMED. AUDIT LOG FROM DOODLES & SHAMANZS— Serpent (@SerpentAU) April 1, 2022
🚨 TICKET TOOL IS HACKED 🚨
REMOVE IT FROM YOUR SERVER. pic.twitter.com/KKHn5RHCVL
The community manager for RTFKT Studios stated that they temporarily removed their holder chat for the time being as the Collab Bot gives users access to that channel and they do not wish to use any third-party bot at this time.
Today, a few large Discord servers were hacked.— Conne (@RTFKTConne) April 1, 2022
This morning, we reviewed our security measures and made a few changes.
As a reminder, it is highly unlikely that any project will post a stealth mint in Discord and users should always be wary when they see links for mints posted in Discord that are not also confirmed on the project's official Twitter account. For more on recent scams, refer to our guide on what to watch for.