On the morning of April 1st, the Bored Ape Yacht Club Discord was hacked and an announcement was posted about minting mutant dogs (BAKC) and staking them for $APE.
Users who clicked the link were taken to an external scam website that let them mint an NFT and got them to sign a transaction with approvalAll permission, which the hackers would then use to siphon the most valuable NFTs from their wallets.
This was a coordinated hack: similar messages were posted in the DOODLES Discord server along with 7 other Discord servers.
Time issue was in effect: 2 hours
Time to resolve issue once discovered: 45 mins (bug patched in TicketTool Discord bot)
All times are in CST
12:30am: BAYC Discord was hacked
12:52am: BAYC tweeted about it and locked down their server
https://twitter.com/BoredApeYC/status/1509770607759540229
1:46pm: TicketTool Discord Bot identified as the root cause
https://twitter.com/Serpent/status/1509784187154628614
2:34pm: The bug was patched in the TicketTool bot
https://twitter.com/Ticket_Tool/status/1509796229047275559
Looks like 3 Discord bots were hacked or had a bug such that anyone (with just user roles) could create and assign webhooks to themselves. This allowed the hackers to abuse these webhooks and post announcement messages in these Discord servers, trying to get users to go to their scam website.
A recent update I made to the add command had a bug allowing for some type of permission exploit.
From the creator of Ticket Tool Discord Bot: https://twitter.com/Ticket_Tool/status/1509796229047275559
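A defender-side check for the webhook abuse described above, as an added example that is not code from Ticket Tool or any of the affected servers: it scans Discord audit-log entries for webhooks created in, or moved into, a protected channel by an actor that should not post there. The IDs, the policy table and the sample entries are constructed, and it assumes a webhook created through a bot is logged with the bot as the acting user.

```python
# Discord audit-log action types for webhook events (values from the Discord API docs).
WEBHOOK_CREATE, WEBHOOK_UPDATE = 50, 51

# Assumed policy with hypothetical IDs: actors allowed to own webhooks in protected channels.
ADMIN, TICKET_BOT = "100000000000000001", "200000000000000002"
ANNOUNCE, TICKETS = "900000000000000001", "900000000000000002"
PROTECTED = {ANNOUNCE: {"name": "announcements", "allowed_actors": {ADMIN}}}

def webhook_channel(entry):
    """Channel the webhook points at after this change, or None if unchanged."""
    for change in entry.get("changes", []):
        if change.get("key") == "channel_id":
            return change.get("new_value")
    return None

def suspicious_webhooks(entries, protected=PROTECTED):
    """Flag webhooks created in, or moved into, a protected channel by a disallowed actor."""
    findings = []
    for entry in entries:
        action = entry.get("action_type")
        if action not in (WEBHOOK_CREATE, WEBHOOK_UPDATE):
            continue
        policy = protected.get(webhook_channel(entry))
        if policy and entry.get("user_id") not in policy["allowed_actors"]:
            findings.append({
                "webhook_id": entry.get("target_id"),
                "actor_id": entry.get("user_id"),
                "channel": policy["name"],
                "action": "create" if action == WEBHOOK_CREATE else "update",
            })
    return findings

def make_entry(action, actor, webhook, channel):
    """Build a constructed entry in the shape of a Discord audit-log entry."""
    return {"action_type": action, "user_id": actor, "target_id": webhook,
            "changes": [{"key": "channel_id", "new_value": channel}]}

# Constructed sample data, not taken from the incident.
SAMPLE_ENTRIES = [
    make_entry(50, TICKET_BOT, "300000000000000001", TICKETS),   # expected bot behaviour
    make_entry(50, TICKET_BOT, "300000000000000002", ANNOUNCE),  # flagged: bot webhook in #announcements
    make_entry(50, ADMIN, "300000000000000003", ANNOUNCE),       # allowed actor
    make_entry(51, TICKET_BOT, "300000000000000001", ANNOUNCE),  # flagged: webhook moved into #announcements
    {"action_type": 72, "user_id": TICKET_BOT, "target_id": "1"},  # MESSAGE_DELETE, ignored
]

if __name__ == "__main__":
    for finding in suspicious_webhooks(SAMPLE_ENTRIES):
        print(finding)
```

A webhook update that does not change the channel carries no `channel_id` change and is skipped, so existing webhooks in protected channels still need a one-time inventory.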