Discord BAYC server hacked, damage up to $2.7M

The BAYC Community Manager has reported that his Discord account has been hacked, leading to a scam giveaways being made on BAYC’s official Discord channel.

(Sourse: CryptoSlate)

The Web2 Discord application has once again proven to be a weak point in the underlying structure of a blockchain project.

More than 175 ETH was stripped from investors’ accounts after Bored Ape Yacht Club’s Discord server was hacked.

@BorisVagner, who was only promoted to the position of media manager (Social Media) for Yuga Labs in January 2022, had his Discord account hacked.

The attacker can then post phishing links via the official BorisVagner account on the Yuga Labs Discord server.

The phishing link was posted via BorisVagner’s account (Image source: Twitter OKHotshot)

The aforementioned phishing link has been edited to protect readers. BAYC accordingly released a statement 9 hours after the first scam report was discovered:

OUR DISCORD SERVER HAS ENJOYED A “MINIUM” MINING AGAIN TODAY. RESEARCH TEAM TO GET IT FAST AND SOLVED IT. ABOUT 200 ETH VALUE NFT HAS BEEN MINED. WE ARE STILL Investigating, BUT IF YOU ARE AFFECTED, EMAIL US AT DISCORD@YUGALABS.IO.

The statement from BAYC said that the team “resolved the issue quickly” and confirmed the total value lost by members was 200 ETH. At the present time, that value is $354K.

The lack of urgency in reporting the issue to the community and the brevity of the announcement suggest an element of complacency on the part of Yuga Labs.

Total damage and attack focus

According to Peckshield, “32 NFTs were stolen, including 1 #BAYC, 2 #MAYC, 5 #Otherdeed, 1 #BAKC”. The scam was first reported by OKHotshot.

OKHoshot tweeted, “@BorisVagner account has been compromised, hacker actually did a phishing attack through it. More than 145E was stolen.”

The reported loss of NFTs is currently worth around $354k.

Fraudulent transactions made by hackers (Image source: Twitter OKHotshot)

He also further commented that “Proper security measures should be maintained for any project with millions of dollars in revenue. Especially if the project is in the top 10 of the market. The absence of a security manager increases the risk of attack significantly.”

OKHotshot believes a security manager could have prevented this unwarranted event as they would be responsible for security operations, group policies, and ensuring that they are maintained.

Yuga Labs operations currently have a variety of work roles on the project, but none for operational security.

Reaction from the community

The crypto community has also spoken out on the matter through a thread posted by Reddit user u/naji102.

Users discussed the drop in trust in NFT due to the increase in scams even coming from trusted official sources.

u/XnoonefromnowhereX commented, “Messages with grammatical errors should be a red flac,”.

While u/CrimsonFox99 concurred, “Hard to blame them for that part, especially coming from a supposedly reliable source.”

One Twitter user reached out to OpenSea and LookRare to plead, “I just clicked on a fake link, 2 MAYCs and 8 cool cats were stolen. … please help. They took it all away from me.”

There are also incoming calls from other users agreeing to freeze the thief’s account.

It seems that decentralized organizations only get strong support until investors crash and turn to beg for help from centralized institutions.

Attack history of Discord BAYC server

This is not the first time BAYC’s Discord server has been hacked. The server was hacked in April 2022, with MAYC #8662 being stolen.

The story continued to rise when it later became known that Taiwanese pop superstar Jay Chou was the owner of a stolen $550K NFT.

A Discord account was hacked in both cases, allowing the attack to be carried out via phishing links to official project channels.

Learn more about common scams in the crypto market at

Tags:,