NFT Projects Lost $22M to Largely Same Hackers on Discord
A Web3 security firm, TRM Labs in a recent report disclosed that there has been a rising attack on Discord, a social media platform largely used by Non-Fungible Token (NFT) projects. According to the report, the NFT community has lost about $22 million in the process since May 2022. Also, Chainabuse, a community-led scam reporting platform operated by TRM Labs has seen over 100 reports filed by victims in the last two months. In June alone, there was a 55% surge in phishing attacks linked to NFT minting launched through compromised Discord accounts.
An on-chain and off-chain data analysis suggests that there was a similar pattern of behavior in most of the attacks. Some of the common tactics used are social engineering which includes phishing and fraudulent accounts operated by fake administrators. Hackers also exploited bot vulnerabilities and in most instances banned Discord moderators from interfering with their hacking activities by updating administrator settings.
On-chain and off-chain data analysis of 15 notable Discord compromises targeting NFT servers disclose that dozens of them are likely related. Regardless, the rate at which they occur and spread across multiple blockchain platforms shows they were deployed by different threat actors.
“The targeting of multiple blockchains—Ethereum-based projects as well as ones on Solana in recent weeks—indicates many of these Discord account compromises are likely run by a group of hackers or as a Scam-as-a-Service offering,” read the report.
TRM Labs also mentioned that one of the attacks linked to other threat actors is Yuga Labs, creator of the iconic Bored Ape Yacht Club (BAYC) collection. On June 4, BorisVagner.ETH, the social manager at Yuga Labs had his account compromised. The attackers then posted promotional materials to the Discord community. They advertised “BAYC, MAYC, and Otherside EXCLUSIVE Giveaway,” to users who were holders of valuable NFTs according to the security firm. They also provided a fraudulent link for users to send their minting fee in ETH.
The report disclosed that the attackers obtained a fair number of valuable NFT projects.
“In total, from a single exploit, the attackers acquired a diverse portfolio from 18 valuable NFT projects including Bored Ape Yacht Club, Mutant Ape Yacht Club, OthersideMeta, and MekaVerse,” TRM Labs mentioned.
According to Chris Janczewski, head of global investigations at TRM Labs, Discord may not necessarily have a weakness, but it is “just a very target-rich environment.”