Doodles and BAYC Suffer Discord Hack

In this post

Late last night, a Discord hack briefly left notable project Discords for Bored Ape Yacht Club and Doodles compromised.

Bored Ape Yacht Club dealt with this issue swiftly and then issued a statement saying “...A webhook in our Discord was briefly compromised…other Discords are also being attacked right now.” The hacker posted an “...April Fools stealth mint…” to get users to connect to a website that would then take their assets from their wallet upon approving the site.

It is being speculated that this attack was premeditated and deployed with the arrival of April Fools Day.

STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.
— Bored Ape Yacht Club (@BoredApeYC) April 1, 2022

The Kaiju Kingz Discord was also compromised.

Community members were notified of a Legendary Genesis Mint for 0.05 ETH with a supply of only 100 to provoke users to act quickly on the mint.

The hacker posted a note in the message stating “be sure to approve when minting…” to make sure that the targeted users gave permission to have their wallets drained.

Kaiju Discord got hack 👀
Do not mint @KaijuKingz
Lol lol pic.twitter.com/bDycNPlCfO
— BlackMonkey Mint 15/4 on ETH (@JasonBlaxk666) April 1, 2022

The reported attack vector is a popular Discord bot, Captcha.bot, used to help verify the users are real humans.

Users seeking additional protections can head to User Settings in Discord, select Authorized Apps and remove Captcha.bot permissions from their account.

I have received inside information from one of the hackers.

🚨 THE OFFICIAL CAPTCHA BOT IS HACKED, REMOVE IT FROM YOUR SERVER 🚨

BAYC & Doodles have already been hacked within the last 30 minutes but MANY MORE SERVERS WILL BE HACKED. pic.twitter.com/eEVjsxCyre
— Serpent (@SerpentAU) April 1, 2022

Other sources suspect the hacks may have compromised, Ticket Tool, another Discord bot. It has been heavily recommended that NFT communities remove this bot from their Discord to prevent any possible compromise of the server.

THIS IS 100% CONFIRMED. AUDIT LOG FROM DOODLES & SHAMANZS

🚨 TICKET TOOL IS HACKED 🚨

REMOVE IT FROM YOUR SERVER. pic.twitter.com/KKHn5RHCVL
— Serpent (@SerpentAU) April 1, 2022

The community manager for RTFKT Studios stated that they temporarily removed their holder chat for the time being as the Collab Bot gives users access to that channel and they do not wish to use any third-party bot at this time.

Today, a few large Discord servers were hacked.
This morning, we reviewed our security measures and made a few changes.
— Conne (@RTFKTConne) April 1, 2022

As a reminder, it is highly unlikely that any project will post a stealth mint in Discord and users should always be wary when they see links for mints posted in Discord that are not also confirmed on the project's official Twitter account. For more on recent scams, refer to our guide on what to watch for.

Author Bio

Cameron Ciletti

Cameron Ciletti is an NFT Analyst for Lucky Trader with over four years of writing experience ranging from fantasy sports to NFTs. Cameron is very keen on CC0 NFTs as he believes free usage rights aligns with the values of what Web 3 is trying to accomplish. Cameron is also a big advocate for mental health awareness as he has Bipolar disorder and wants others to know they are not alone in their struggles with mental health. Outside of NFTs, he enjoys playing the board game Catan competitively and the video game Rocket League.

Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.