Increased NFT scams on Discord servers – also affected Bored Ape Yacht Club | 08/10/22

Attacks on NFT communities have recently been on the rise on the Discord messaging platform. According to the crypto security company TRM Labs, there are connections between the various scams. What’s behind it?

• NFT scams pile up on Discord
• Bored Ape Yacht Club & Co. among the targets
• Notes on connections between hacks

NFT scams on Discord are on the rise

The messaging service Discord is becoming increasingly popular. Originally created for online gaming, the platform that allows users to communicate with each other via text, voice and video has expanded to include many more users with the emergence of several NFT projects in recent months. In this way, developers of the projects and fans of non-fungible tokens network with each other and exchange ideas. According to a report by cryptocurrency security firm TRM Labs, the application is increasingly becoming a target for hackers. “In June 2022, phishing attacks related to NFT mining scams conducted through compromised Discord accounts increased by 55 percent compared to the previous month,” TRM Labs said in a statement. Since May alone, the Discord servers for such projects have been attacked by cybercriminals more than 150 times, according to data from TRM Labs’ Chainabuse platform. This is said to have caused the NFT community a loss of around 22 million US dollars since then.

Attack on Bored Ape Yacht users

In early June alone, 40 projects were attacked, including Swampverse, RunBlox and SODA. Yuga Labs’ Bored Ape Yacht Club, one of the best-known NFT collections featuring AI-generated images of cartoon monkeys, was attacked for the second time on June 4, according to TRM.

The Discord account of Yuga’s social manager Boris Vagner, known in the community by the pseudonym BorisVagner.ETH, is said to have been compromised. After the hacker took over Vagner’s account, he shared messages pointing to supposed giveaways where users would get tokens for free. According to the scammer, interested parties only need to open the attached link. Clicking on this caused victims to link their wallets, allowing attackers to implement an NFT authentication mechanism and gain control of the digital collection containers. The hackers then hijacked the NFTs from the compromised wallets. Not only tokens from victims of the Bored Ape Yacht Club community, but also those from other users who fell for the scammers on similar Discord servers were then transferred to a single wallet, according to TRM. This then contained an extensive collection of NFTs from 18 projects including BAYC, Mutant Ape Yacht Club, OthersideMeta and MekaVerse.

Users were pressured

If the hackers couldn’t take over the well-known developers’ Discord profiles, they apparently used social engineering tricks to encourage their victims to open the malicious links. For example, they pretended to be administrators and blocked the intervention of actual moderators. The hackers also stressed in the messages to the users that quick action is required so that they can secure free NFTs. In one case reported on Chainabuse, the scammer “safran_eth” wrote that only 117 of the tokens were still available, meaning that the link should therefore be clicked quickly.

The target of the scam is often said to have been users who already had valuable NFTs.

Possible connection between the cases

Based on the similar pattern and the fact that one of the wallets used in the scam was able to capture NFTs from multiple projects, TRM Labs suspects that a majority of the cases can be traced back to the same hacker – or a group of hackers.

The stolen NFTs were then transferred from the hacker’s wallet to an NFT marketplace where they were exchanged for Ether. Most of the money collected was then moved to three other wallets, from where it was then split into Tornado Cash and other wallets. The funds were then transferred to Bitcoin and paid out via various decentralized services and dark web platforms. TRM Labs came to these conclusions using the TRM Forensics investigative tool. One of the three intermediate wallets is also said to be linked to similar scams that took place in May and June 2022. Another wallet used by the hackers was also used in other Discord account compromises.

However, it is also conceivable that several different hackers or hacker groups implement several scams and not just one single actor is responsible for all attacks. In this way, fraudsters could copy and repeat the strategies of their competitors.

How NFT fans can protect themselves from scams

But how can users protect themselves against the attacks? Finally, while the projects can increase the security of their platforms and servers, the attacks were carried out through the Discord application. Therefore, the focus is especially on the actions of individuals. “Knowing about common attack vectors, including platforms like Discord, and common tactics used by threat actors, including phishing attacks that use FOMO-inducing language, will help reduce the risk of falling victim to these scams,” it said in the report from TRM Labs. The Web3 organization “Surge” recommends disabling private messages on Discord in general or for individual servers. If you add another user to your friends list, private messages are still possible, but this can create a first barrier against scammers. In addition, it is recommended to enable 2-factor authentication (2FA). When registering, the user must verify himself by entering a code that can be downloaded from e.g. a smartphone.

You can also protect yourself from social engineering by taking the time to read the news to spot inconsistencies, check them for their veracity, and only trade within the framework of your own portfolio strategy. In many NFT communities, there may also be references to current scams, Surge continues.


Trade forex now with up to 30 leverage


Trade forex with high leverage and small spreads. With only €100.00 you can benefit from the effect of €3,000 in capital! Get a bonus now.

77% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you can afford to take the high risk of losing your money.

Image source: Konstantin Savusia /, Sergei Elagin /

Leave a Comment