Yuga Labs Says 'No Surprise Mints' After Warning Of Attacks On Projects, Social Media Accounts

KEY POINTS

Yuga Labs' BAYC, Otherside Discord was breached on June 5
The breach allowed attackers to steal around $256,000 worth of NFTs
The team removed the code that allowed users to mint BAYC NFTs infinitely

Yuga Labs, the blockchain technology company behind Non-Fungible Tokens (NFTs) and digital collectibles like the Bored Ape Yacht Collection (BAYC), said there will be "no surprise mints" after it received information about a potential attack on its projects and social media accounts.

Gordon Goner, the pseudonymous co-founder of Yuga Labs, took to Twitter to warn the public of an impending attack on the company and its projects. "We’ve received credible information that there may soon be an attack on our social media accounts, using an inside source at @Twitter to bypass our security," they tweeted.

Goner also told investors that Yuga Labs will not conduct any surprise mints – a wise decision considering that this is an ingenious method malicious attackers use to scam unsuspecting victims. "There are no surprise mints. Ever," the tweet read.

BAYC upcoming — Thumbnail of BAYC’s upcoming Metaverse the "Otherside." YouTube

The Yuga Labs co-founder also shared they have been in constant communication with Twitter and have escalated active monitoring of accounts and security. "We’re feeling more secure, but please stay safe everyone. And remember there will be no surprise mints," they added.

We’ve been in contact with Twitter and they confirmed that they have an active monitor on the accounts and security has been escalated. We’re feeling more secure, but please stay safe everyone. And remember there will be no surprise mints.
— GordonGoner.eth (@GordonGoner) June 12, 2022

The warning came after the company finally removed the dangerous code that allows users to mint BAYC NFT infinitely. If exploited, this could have flooded the market with BAYC digital collectibles, thereby lowering its floor price.

The single dangerous code was brought to Yuga Labs' attention a year ago by NonFungibles CEO Dan Kelly and was brought up again by an NFT developer who uses the Twitter handle foobar. "If the token contract owner (a personal wallet, not a multisig) gets hacked or phished, you might see thousands of new bored apes minted and dumped onto the market," the NFT developer noted.

"The contract owner has now been burned. While we’d been meaning to do this for a long time, we hadn't out of an abundance of caution. Felt comfortable doing it now. All done. In lay terms: The issue flagged in this article is now impossible," a Yuga Labs co-founder who goes by the Twitter handle EmperorTomatoKetchup tweeted.

The contract owner has now been burned. While we’d been meaning to do this for a long time, we hadn't out of an abundance of caution. Felt comfortable doing it now. All done.
In lay terms: The issue flagged in this article is now impossible.
— EmperorTomatoKetchup (@TomatoBAYC) June 7, 2022

One of the possible reasons why Yuga Labs finally removed the dangerous code was due to the hack on Discord servers on June 4, where malicious attackers stole over 145 ETH or approximately $256,000 worth of NFTs after gaining access to BAYC and Otherside Discords.

6/04
Discord accounts of @BoredApeYC & @OthersideMeta were compromised to post phishing links. The scammer stole more than 145 ETH or about $256,000. Shout out to @NFTherder for spreading awareness early.

Source: https://t.co/I8xtPsG9KP
— SlowMist (@SlowMist_Team) June 11, 2022