Yuga Labs, Bored Ape Yacht Club (BAYC) creator has cautioned there may soon be a “coordinated attack” targeting multiple non-fungible token (NFT) communities. The cautionary comes only days after hackers compromised the website of Premint NFT, making off with more than 300 NFTs and $375,000 of Ethereum, the largest NFT hacks in 2022.
The NFT tweeted on July 19 that its security team has been tracking a “persistent threat group” targeting the NFT community through compromised social media accounts, urging followers to be on the post.
This is neither the first time nor the last, that the company has warned its community of a possible social media-led attack by hackers. In June, the pseudonymous co-founder of Yuga Labs, Gordon Goner, issued a warning of a possible incoming attack on its Twitter social media accounts. Soon after the warning, Twitter officials began monitoring activity on the accounts and encouraged their existing security. Goner said to the investors that the company would never conduct any surprise mints; a popular method attackers use to trap victims.
The warning came just a week after two official Discord groups linked to BAYC and OtherSide NFTs were compromised, allowing spammers to share various phishing links into the official BAYC, Mutant Ape Yacht Club, and OtherSide groups on discord.
The Yuga Labs warning comes only days after threat actors hacked the popular NFT platform Premint NFT, stealing approximately 314 NFTs and $375,000 in Ethereum (ETH).
Premint is an NFT whitelisting service that helps NFT artists access a large number of verified NFT collectors quickly, whitelisting them for new NFT projects. The NFT services platform touts more than 12,000 NFT projects and a database of more than 2.4 million collectors.
The thefts occurred on Sunday after hackers inserted malicious code into Premint’s website, according to blockchain security firm Certik, the code created a pop-up that stimulated users to authenticate their wallet ownership in spite they gave hackers the permissions necessary for them to transfer NFTs from their victim’s wallets.
Six wallets have been identified as falling victim to the attack, containing NFTs, that include Bored Ape Yacht Club, Otherside, Oddities, and Goblintown.
Premint said it would continue to “dig into the incident” and reminded users that they would never be asked to sign any kind of transaction on the platform.
The platform has also changed in light of the attack, allowing users to log in without their wallets — which they claim will be safer and more convenient.
Leave a Reply