Are there any links between the hacks of many NFT projects on Discord?

An analysis of recent hacks targeting non-fungible token (NFT) projects carried out through the social media platform Discord shows that many of them are part of a larger series of attacks, according to the blockchain intelligence firm TRM laboratories.

Source: AdobeStock / Pixel Hunter

These attacks have increased rapidly over the past three months, and the NFT community has lost no less than $ 22 million since May 2022.

Last June, phishing attacks related to NFT minting scams conducted via compromised Discord accounts increased by 55% compared to May 2022, the company researchers said in a recent article.

TRM Labs said that one of the hacks that could be related to other similar exploits is the one they hit Yuga Labsthe company behind the collection Bored Ape Yacht Club (BAYC).

“Yuga Labs’ Discord servers were hacked on June 4th later BorisVagner.ETH, social manager of Yuga Labs, confirmed that his Discord account has been compromised. While in control of the account in question, the hacker posted promotional material on the account’s Discord community, “according to the report.

Researchers from the company said a review of attacks carried out via compromised accounts on Discord’s NFT servers targeted, while an analysis of on-chain and off-chain data suggests that a dozen of these recent breaches are likely related. .

Additionally, some of these linked accounts include those of well-known NFT Discord projects such as BAYC, world of bubbles, Parallel, Lacoste, Flavors, Anat and others, they said.

Based on its findings, TRM Labs concluded that many Discord attacks target NFT projects that exhibit similar patterns of behavior. Hackers use a variety of tactics to scam Discord users, including:

  • the implementation of sophisticated social engineering techniques, such as phishing and fraudulent accounts pretending to be an administrator;
  • exploit bot vulnerabilities, such as the Mee6 bot, which allows administrators to automatically assign and remove roles and send messages to the community;
  • in some cases, hackers have even updated admin settings in an attempt to prevent Discord moderators from interfering with their criminal operations.

The report found that,

“Hackers’ messages to users attempt to exploit the sense of urgency typically associated with NFT creation events, urging users to act quickly so they don’t miss out on a free gift or limited inventory.”

TRM Labs argues that as NFT projects strive to harden the security of their platforms and servers, and as law enforcement and other groups step up their work to prevent attackers from performing future exploits, people should also take steps to protect themselves. .

“Know common attack vectors, including platforms like Discord, and common tactics of malicious actors, including phishing using language that induces [peur de manquer] FOMO will help mitigate the risk of falling victim to these scams, “the researchers conclude.

Follow our affiliate links:

  • To buy cryptocurrencies in the SEPA zone, in Europe and French citizensvisit Coinhouse
  • To buy cryptocurrency in Canadavisit Bitbuy
  • To generate interest with your bitcoinsgo to the BlockFi website
  • To protect or store your cryptocurrenciesyou get Ledger or Trezor wallets
  • To trade your cryptocurrencies anonymouslyinstall the NordVPN app

To invest in cryptocurrency mining or masternodes:

To accumulate coins while playing:

  • In poker on the CoinPoker gaming platform
  • To a global fantasy football on the Sorare platform

Stay informed with our free weekly newsletter and to our social networks:

Leave a Comment