Yuga Labs’ coveted NFT collections have been the subject of several malicious attacks since the beginning of the year. The modus operandi of the hackers has so far been largely the same, however Gordon Goner, co-founder of the successful studio, believes another attack could happen again soon.
Yuga Labs’ NFTs have already been the victim of several attacks
Yuga Labs has made a name for itself with its collections of NFTs, Bored Ape Yacht Club (BAYC), Mutant Ape Yacht Club (MAYC) and Bored Ape Kennel Club (BAKC). The company, now valued at over $4 billion, also owns the CryptoPunks, Meebits and Otherdeed collections, the latter consisting of land-based NFTs related to the Otherside metaverse.
On April 25, Yuga Labs’ Instagram account was hacked. Once in control of the account, the hackers published a phishing link to a copy of the BAYC website where Ape holders were invited to log in to their MetaMask account. A total of 133 NFTs were stolen, with an estimated value of three million dollars at the time.
The story was repeated on 4 June, this time on the BAYC Discord server. The account of Boris Vagner, community manager on the platform, was stolen and allowed the thieves to steal 32 NFTs for a total estimated value of 354,000 dollars.
Following this hack, the Yuga Labs teams did not remain silent and denounced the security flaws of the Discord network. They also reminded their community that they do not offer surprise mints and urged them to be extra vigilant.
The threat is still there
This Sunday, in a tweet, Yuga Labs co-founder Gordon Goner said he feared another attack, following the same modus operandi as the previous ones, but this time on Twitter. He said:
We have received credible information that there may soon be an attack on our social networks using an internal Twitter source to circumvent our security.
We’ve received credible information that there may soon be an attack on our social media accounts, using an inside source at @Twitter to bypass our security.
There are no surprise mints. Ever.
– GordonGoner.eth (@GordonGoner) June 11, 2022
Later in the day, Gordon Goner was more reassuring and said that Twitter was actively working to root out security breaches on the network. That said, he was quick to point out that no surprise airdrops were on the agenda in order to encourage his community to remain attentive.
For several months, the NFT ecosystem has not been spared from attacks and scams of various types. The latter mainly consist of selling tokenised versions of artworks without the artist’s permission. Wash trading is also widely practiced and aims to artificially increase the value of an NFT by bidding on it from a secondary account.
In the case of Yuga Labs, it is clear that methods that were thought to be outdated are still the most formidable. Despite the security offered by the Ethereum blockchain, on which the studio’s collections are based, phishing via a social network seems to be enough to open a breach for hackers.
The lack of vigilance of aggrieved Ape holders and the flaws of Web 2.0 networks could therefore be the new thorn in the side of NFTs creators and platforms.
