BAYC Discord Compromised, NFTs Totaling 200 ETH Stolen

The Discord account belonging to BAYC community manager Boris Vagner was compromised on Saturday, paving the way for the theft

article-image

Bored Ape Yacht Club | Source: Shutterstock

share

key takeaways

  • A malicious actor has made off with $359,000 worth of Bored Ape NFTs following a compromise to BAYC’s discord server
  • The hack marks the third time in two months that BAYC’s NFTs have been compromised, raising questions over the project’s security

A malicious actor has made off with 200 ether ($359,000) worth of Bored Ape NFTs after the Discord server belonging to the project was compromised on Saturday.

Bored Ape Yacht Club’s (BAYC) parent company, Yuga Labs, confirmed the amount in a tweet roughly 11 hours following the attack. The attacker was able to breach the security of the Discord account belonging to BAYC’s project manager Boris Vagner, according to on-chain analyst and Twitter user @NFTherder who first sounded the alarm.

“Our Discord servers were briefly exploited today,” Yuga Labs tweeted via its BAYC Twitter handle. “The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating.”

Following the successful breach, the actor was then able to post a phishing scam pretending to be Vagner that duped Bored Ape collectors into clicking a malicious link and sent their NFTs (non-fungible tokens) to the attacker’s address, NFTherder said.

Vagner was promoted to social and community manager in February, according to a tweet in which he praised the founders of Bored Apes and Yuga Labs.

Questions have sprung up on social media as to how the Discord account was compromised, questioning the project’s security. Despite proper security measures by way of two-factor authentication, attackers, in this instance, may have circumvented security by obtaining a Discord ID token from a targeted victim.

One explanation for the method behind the attack was that Vagner’s Discord ID token — used to log in multiple times locally without verifying one’s identity — was also compromised. This could have allowed the actor to gain access to Vagner’s account.

The theft marks the third time BAYC has been hacked, including an instance on April 1 when a Mutant Ape Yacht Club NFT was stolen via a phishing link on Discord. Almost four weeks later, on April 25, BAYC’s Discord and Instagram accounts were also hacked when a link to a copycat website duped users into giving up NFTs worth millions of dollars.

Hundreds of users have taken to Twitter to vent their frustration at the repeated attacks and alleged lack of security.

Loading Tweet..

“They [BAYC] should consider investing a full-time security manager,” NFTherder tweeted in response to one user’s comment on BAYC’s security. “Surprised they haven’t already though.”


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Nillion_DeSci_Report_Template.png

Research

Nillion’s Monad Integration is poised to catalyze the next phase of DeSci’s evolution by eliminating key privacy bottlenecks. This synergy allows researchers, institutions, and DAOs to exchange sensitive data and insights securely while managing governance and payments onchain.

article-image

A community-driven, radically fair currency model is challenging Worldcoin’s biometric vision

article-image

Sponsored

DePIN powers a global network for AI computes, storage, streaming, and IPFS pinning service, enabling AI to be developed and deployed in a decentralized environment with greater transparency, control, and ownership

article-image

Bitcoin has broken its previous price record of $109,026 set on Jan. 19, 2025

article-image

The SEC filed the suit on Tuesday night, alleging that some Unicoin executives made “false and misleading statements” and violated securities laws

article-image

VanEck’s Pranav Kanade told Blockworks that it doesn’t plan to launch a similar fund for other ecosystems at this time