The Discord server of the Bored Ape Yacht Club (BAYC) was hacked on Saturday, with the attacker capturing NFTs worth 200 ETH ($360,000), according to Yuga Labs.
The hack took place after the project's community manager, Boris Vagner, had his Discord account compromised, which the attacker then used to post phishing links on both the official BAYC channel and the Discord channel of the associated Metaverse project called Otherside.
News of the hack was first reported by Twitter user NFTherder, who estimated that 145 ETH (about $260,000) was stolen along with the NFTs, with the stolen funds traced to four different wallets.
Yuga Labs later confirmed the news in a tweet of its own, stating that the incident is still under active investigation. This came 11 hours after NFTHerder's tweet.
Vagner is also the manager of his brother, Grammy Award-winning multi-instrumentalist Richard Vagner, who co-founded an NFT fantasy soccer club with Boris called the Spoiled Banana Society (SPS). The attacker also posted a phishing link to the SPS Discord channel, although the message was subsequently deleted, Richard said.
"Hey @everyone, we got hacked an hour ago, hopefully no one clicked on any links," Richard Vagner said in a Discord message at 9 UTC. "We've regained control of Discord and Boris' account, thank God he didn't delete the whole server."
It's unclear if anyone in the SBS channel was affected, though Richard has requested information from Discord members about the attack.
"We're going to restore all the tabs in the next few days and let us know if there's anything else he tampered with," he said.
The Vagners also run a record label called Metaverse Records. In the same SBS Discord message, Richard independently confirmed that BAYC and Otherside Discords were also "hacked."
"pls stay safe," he said.
This is the third time a malicious actor has been able to impersonate an account operated by Yuga Labs to steal users' funds. The first time this happened was on April 1, when Mutant Ape Yacht Club #8662 was stolen through a phishing link posted on the project's Discord.
Last week, actor Seth Green became a prominent example of the kind of phishing methods rampant in the NFT sector when someone successfully scammed him out of his Bored Ape.