NFTs at Yuga Labs stolen by hack – security measures not sufficient?
Originally posted here.
Yuga Labs has become famous with NFT projects like Bored Ape Yacht Club and ApeCoin (APE). Now a hack is startling the scene and casting […]
Yuga Labs has become famous with NFT projects like Bored Ape Yacht Club and ApeCoin (APE). Now a hack is startling the scene and casting doubt on the security precautions at Yuga Labs.
Anyone who invests in the NFTs division has probably heard of Yuga Labs. The creative studio is responsible for the successful Bored Ape Yacht Club (BAYC) project, among others, and also secured the trademark rights for CryptoPunks in March. With ApeCoin (APE), Yuga Labs initiated a cryptocurrency that is to prove its worth in an upcoming metaverse called Otherside. In short, Yuga Labs is a big deal in the NFT scene – and therefore a hack there is worrisome.
However, NFTherder recently reported just such a hack via Twitter . Official channels of Yuga Labs at Discord were hijacked and successfully used for phishing. The attacker(s) were able to capture NFTs worth the equivalent of around 360,000 US dollars and an additional 145 Ethereum (ETH) worth around 260,000 US dollars. Bored Ape Yacht Club took eleven hours to acknowledge the attack via its official Twitter account . For the most part, the incident was not mentioned at all on other Yuga Labs channels.
As it turned out, the hackers were able to take over the Discord account of Boris Vagner, who has been leading the community management for Bored Ape Yacht Club and Yuga Labs since February. A bonus promotion was now advertised under this trusted name, which required proof of qualified NFTs and transaction fees in Ethereum. Those who participated there became victims. NFTherder, like others, thinks that Yuga Labs should have secured its Discord servers better to prevent such an attack. Yuga Labs co-founder Gordon Goner simply counters that : Discord is not suitable for Web3, a more secure platform is needed.
Conclusion: Yuga Labs fails in security and communication
Yuga Labs’ Discord sites have been subject to phishing attacks in the past, so it remains a mystery why the studio has not added an additional layer of security. Yuga Labs’ communication policy has also repeatedly attracted criticism, for example during the launch of NFTs for Otherside with ApeCoin. Yuga Labs urgently needs to make adjustments in these areas in order to avoid further damaging the trust of the community.