Bored Ape Yacht Club (BAYC) creator Yuga Labs has warned there may soon be a “coordinated attack” targeting multiple non-fungible token (NFT) communities.
The NFT company told its Twitter followers on July 19 that its security team has been tracking a “persistent threat group” targeting the NFT community through compromised social media accounts, urging followers to be on the lookout.
Our security team has been monitoring a persistent threat group that targets NFT communities. We suspect that they will soon launch a coordinated attack on multiple communities using compromised social media accounts. Keep safe and vigilant.
— Yuga Labs (@yugalabs) July 18, 2022
This isn’t the first time the company has warned its community of a possible social media-led attack by hackers.
Not the first, but not the last
Gordon Goner, pseudonymous founder of Yuga Labs, warned of an incoming attack on the company’s Twitter accounts in June.
Twitter officials soon began to monitor the accounts and increased their security. Goner informed investors that the company would not conduct surprise mints, which is a popular way for attackers to lure victims.
Two official Discord channels linked to BAYC were compromised during the month, allowing scammers access to various phishing links into Mutant Ape Yacht Club, BAYC, and otherSide groups on Discord.
Cointelegraph asked Yuga Labs for more details about the “persistent threat group” and the potential attack but did not receive an immediate response.
Premint NFT website hacked
Yuga Labs’ latest warning comes just days after Premint NFT was compromised by threats actors. The hackers stole 314 NFTs as well as $375,000 worth of Ethereum (ETH), making it one the biggest NFT hacks to date in 2022.
Premint is an NFT Whitelisting Service that allows NFT artists to quickly reach a large number NFT Collectors. It whitelists them for new NFT Projects. NFT services platform boasts over 12,000 NFT projects, and a database of more that 2.4 million collectors.
According to blockchain security firm Certik, the thefts occurred on Sunday after hackers inserted malicious code into Premint’s website.
The code created a pop-up that prompted users to verify their wallet ownership but instead gave hackers the permissions necessary for them to transfer NFTs from their victim’s wallets.
Related: NFT, DeFi and crypto hacks abound — Here’s how to double up on wallet security
Six wallets were among those that fell victim to the attack. They contained NFTs including Bored Ape Yacht Club and Otherside, Oddities and Goblintown.
Premint said it would continue to “dig into the incident” and reminded users that they would never be asked to sign any kind of transaction on the platform.
While we are still investigating this incident, here is a reminder:
❌ You will NEVER, EVER be asked for approval of any type of transaction on PREMINT.
✍️ When connecting a wallet, you’ll be asked to *sign* a message, but there will NEVER be a gas fee or anything resembling a transaction.
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 18, 2022
The platform has also changed in light of the attack, allowing users to log in without their wallets — which they claim will be safer and more convenient.