NFT Thefts: Discord Servers Increasingly Hit by NFT Scams – Including Bored Ape Yacht Club

NFT scams are piling up on Discord
Bored Ape Yacht Club & Co. among the targets
Notes on connections between hacks

NFT scams on Discord are on the rise

The Discord messaging service is growing in popularity. Originally created for online gaming, the platform that allows users to communicate with each other via text, voice and video has expanded to include many more users with the emergence of several NFT projects in recent months. In this way, developers of the projects and fans of non-fungible tokens network with each other and exchange information. According to a report by cryptocurrency security firm TRM Labs, the application is increasingly becoming a target for hackers. “In June 2022, phishing attacks related to NFT mining scams conducted through compromised Discord accounts increased by 55 percent compared to the previous month,” TRM Labs said in a statement. Since May alone, the Discord servers for such projects have been attacked by cybercriminals more than 150 times, according to data from TRM Labs’ Chainabuse platform. This is said to have caused the NFT community a loss of around 22 million US dollars since then.


Attack on Bored Ape Yacht Club users

In early June alone, 40 projects were attacked, including Swampverse, RunBlox and SODA. Yuga Labs’ Bored Ape Yacht Club, one of the most popular NFT collections featuring cartoon monkey images generated by artificial intelligence, was attacked for a second time on June 4, according to TRM.

The Discord account of Yuga’s social manager Boris Vagner, known in the community by the pseudonym BorisVagner.ETH, is said to have been compromised. After the hacker took over Vagner’s account, he shared messages pointing to supposed giveaways where users would get tokens for free. According to the scammer, interested parties only had to open the attached link. Clicking on it caused victims to link their wallets, allowing attackers to implement an NFT authentication mechanism and gain control of the digital collection containers. The hackers then hijacked the NFTs from the compromised wallets. Not only tokens from victims in the Bored Ape Yacht Club community, but also those from other users who fell for the scammers in similar Discord servers were then sent to a single wallet, according to TRM. This wallet then contained an extensive collection of NFTs from 18 projects including BAYC, Mutant Ape Yacht Club, OthersideMeta and MekaVerse.

Users were pressured

If the hackers couldn’t take over the well-known developers’ Discord profiles, they apparently used social engineering tricks to encourage their victims to open the malicious links. For example, they pretended to be administrators and blocked the intervention of actual moderators. The hackers also stressed in their messages to users that quick action was required to secure free NFTs. In one case reported on Chainabuse, the scammer “safran_eth” wrote that only 117 of the tokens were left, meaning that the link should be clicked quickly.

The target of the scam is often said to have been users who already had valuable NFTs.

Possible connection between the cases

Based on the similar pattern, and the fact that one of the wallets used in the scam was able to capture NFTs from multiple projects, TRM Labs suspects that a large number of cases are the work of the same hacker – or group of hackers.

The stolen NFTs were then transferred from the hacker’s wallet to an NFT marketplace, where they were traded for ether. Most of the money raised was then moved to three other wallets, from where it was split between Tornado Cash and other wallets. The funds were then transferred to Bitcoin and paid out through various decentralized services and darknet platforms. TRM Labs came to these conclusions using the TRM Forensics investigative tool. One of the three intermediate wallets is also said to be linked to similar scams that took place in May and June 2022. Another wallet used by the hackers was also used in other Discord account compromises.

However, it is also conceivable that several different hackers or hacker groups are running several fraud schemes and that no single actor is responsible for all the attacks. Fraudsters are able to copy and replicate their competitors’ strategies.

How NFT fans can protect themselves from scams

But how can users protect themselves against the attacks? After all, while the projects are able to increase the security of their platforms and servers, the attacks were carried out through the Discord application. Therefore, the focus is especially on the actions of individuals. “Knowing about common attack vectors, including platforms like Discord, and common tactics used by threat actors, including phishing attacks that use FOMO-inducing language, will help reduce the risk of falling victim to these scams,” the TRM Labs report reads. The Web3 organization “Surge” recommends turning off private messages on Discord in general or for individual servers. If you add another user to your friends list, private messaging is still possible, but this can create a first barrier against scammers. In addition, it is recommended to enable two-factor authentication (2FA). When logging in, the user must then verify themselves by entering a code that can be retrieved from, for example, a smartphone.

You can also protect yourself from social engineering by taking the time to read the news to spot inconsistencies, check them for veracity, and only trade within the framework of your own portfolio strategy. In addition, references to current scams can be found in many NFT communities, Surge continues.

Editor finanzen.net
