Doodles and BAYC Suffer Discord Hack

Cameron Ciletti
Late last night, a Discord hack briefly left notable project Discords for Bored Ape Yacht Club and Doodles compromised.

Bored Ape Yacht Club dealt with this issue swiftly and then issued a statement saying “...A webhook in our Discord was briefly compromised…other Discords are also being attacked right now.” The hacker posted an “...April Fools stealth mint…” to get users to connect to a website that would then take the assets from their wallets once they approved the site.

It is being speculated that this attack was premeditated and deployed with the arrival of April Fools Day. 

The Kaiju Kingz Discord was also compromised.

Community members were notified of a Legendary Genesis Mint for 0.05 ETH with a supply of only 100, a scarcity intended to push users to act quickly on the mint.

The hacker posted a note in the message stating “be sure to approve when minting…” to make sure that the targeted users gave permission to have their wallets drained. 

The reported attack vector is a popular Discord bot, Captcha.bot, used to help verify that users are real humans.

Users seeking additional protections can head to User Settings in Discord, select Authorized Apps and remove Captcha.bot permissions from their account.

Other sources suspect the hacks may have compromised Ticket Tool, another Discord bot. It has been heavily recommended that NFT communities remove this bot from their Discord to prevent any possible compromise of the server.

The community manager for RTFKT Studios stated that they have temporarily removed their holder chat, as the Collab Bot gives users access to that channel and they do not wish to use any third-party bot at this time.

As a reminder, it is highly unlikely that any project will post a stealth mint in Discord, and users should always be wary when they see links for mints posted in Discord that are not also confirmed on the project's official Twitter account. For more on recent scams, refer to our guide on what to watch for.

© 2022 Lucky Ducks, Inc