Bored Ape Yacht Club Discord Server Hacked After Exploiting Ticket Tool


Key points to remember

  • Discord servers for Bored Ape Yacht Club and several other NFT collections were compromised on Friday morning.
  • A hacker has exploited an update to the widely used Ticket Tool bot to post fake knockoff links.
  • The hacker stole at least four NFTs from the Bored Ape, Mutant Ape and Doodles collections.

Share this article

Several Discord servers, including that of the Bored Ape Yacht Club, have been compromised. Hackers appear to have exploited a recent update to the Ticket Tool Discord bot to post phishing links to multiple servers.

Lost NFTs through Discord Hack

A Discord-related security breach resulted in the theft of high-value NFTs.

Discord servers for Bored Ape Yacht Club, Doodles, and several other important NFT collections were compromised early Friday morning, leaving the NFT community in shock.

A post appeared on the Bored Ape server at 6:19 UTC informing users of a new “Mutant ape Kennel Club” collection and posting a fake hitting link. Unsuspecting users who clicked on the link signed transactions that gave the hacker the right to transfer their NFTs from their wallet. Despite the unfortunate moment, it wasn’t an April Fool’s joke – the hacker had managed to find an exploit in a popular Discord bot to infiltrate servers and post links in restricted channels without permission. server administrator.

The hacker’s fake Discord post. Source: @cubedmeta

The pirate too job a similar message in the Doodles Discord server, notifying users of a new “Genesis Mint” with a limited supply. Like the Bored Ape Discord post link, those who clicked on it and tried to hit would have the NFTs in their wallet transferred by the hacker.

The official Bored Ape Yacht Club Twitter account quickly informed supporters of the attack. “A webhook in our Discord was briefly compromised. We caught it immediately, but please know that we are not doing any stealth mint April Fools / airdrops etc,” reads the message.

NFT enthusiast and DAPE co-founder SerpentAU originally posted on Twitter that the compromised servers were due to the owner of the widely used Discord Captcha Bot being hacked, citing “inside information” received from one of the hackers. However, later they confirmed that an exploit with another Discord bot, called Ticket Tool, allowed hackers to infiltrate servers that used it. In response to the message from SerpentAU, the official Twitter account of Ticket Tool declared that the update that caused the exploit had since been rolled back.

According to blockchain security firm PeckShield, at least one Bored Ape, one Mutant Ape, and two Doodles NFTs were stolen by the hacker. Transaction data shows that the hacker has since sold or transferred all four NFTs.

Today’s incident is not the first time that collectors have lost NFTs and cryptocurrencies due to compromised Discord servers. In February, members of the Doodles Discord server fell victim to phishing links when a bot server was hacked, causing multiple members to lose their Doodles NFTs.

However, the thefts of high-value non-fungible assets have not been limited to Discord. Also in February, a phishing email scam sent to OpenSea users resulted in over $3 million worth of NFTs being stolen from collections such as Bored Ape Yacht Club, Doodles and Azuki.

As NFTs increase in value, their owners will likely continue to be targets of scams. Those who operate Discord servers will need to take extra precautions to protect their communities from further attacks.

Disclosure: At the time of writing this article, the author owned ETH and several other cryptocurrencies.

Share this article


About Author

Comments are closed.