• NFT scams pile up on Discord
• Bored Ape Yacht Club & Co. among the targets
• Indications of connections between hacks
NFT scams on Discord are on the rise
The messaging service Discord is becoming increasingly popular. Originally created for online gaming, the platform, which lets users communicate with each other via text, voice and video, has gained many more users in recent months with the emergence of several NFT projects. Developers of these projects and fans of non-fungible tokens use it to network with each other and exchange information. According to a report by cryptocurrency security firm TRM Labs, the application is increasingly becoming a target for hackers. “In June 2022, phishing attacks related to NFT mining scams conducted through compromised Discord accounts increased by 55 percent compared to the previous month,” TRM Labs said in a statement. Since May alone, the Discord servers for such projects have been attacked by cybercriminals more than 150 times, according to data from TRM Labs’ Chainabuse platform. This is said to have caused the NFT community a loss of around 22 million US dollars since then.
Attack on Bored Ape Yacht users
In early June alone, 40 projects were attacked, including Swampverse, RunBlox, and SODA. Yuga Labs’ Bored Ape Yacht Club, one of the most popular NFT collections featuring AI-generated images of cartoon monkeys, was attacked for the second time on June 4, according to TRM.
The NFT community has suffered more than 150 compromises targeting NFT projects’ Discord servers since May 2022. A sampling… (1/2) pic.twitter.com/cEdPaV5mQI
– TRM Labs (@trmlabs) 25 July 2022
The Discord account of Yuga’s social manager Boris Vagner, known in the community by the pseudonym BorisVagner.ETH, is said to have been compromised. After taking over Vagner’s account, the hacker posted messages pointing to supposed giveaways in which users would receive tokens for free. According to the scammer, interested parties only needed to open the attached link. Opening it prompted victims to link their wallets, which allowed the attackers to put an NFT authentication mechanism in place and gain control of the wallets holding the digital collectibles. The hackers then removed the NFTs from the compromised wallets. According to TRM, tokens not only from victims in the Bored Ape Yacht Club community but also from other users who fell for the scammers on similar Discord servers were then transferred to a single wallet. That wallet then contained an extensive collection of NFTs from 18 projects, including BAYC, Mutant Ape Yacht Club, OthersideMeta and MekaVerse.
Users were pressured
If the hackers couldn’t take over the well-known developers’ Discord profiles, they apparently used social engineering tricks to get their victims to open the malicious links. For example, they pretended to be administrators and blocked the intervention of actual moderators. In their messages, the hackers also stressed that users had to act quickly to secure free NFTs. In one case reported on Chainabuse, the scammer “safran_eth” wrote that only 117 of the tokens were still available, implying that the link should be clicked quickly.
The target of the scam is often said to have been users who already had valuable NFTs.
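The pressure tactics described above (free giveaways, a shrinking token count, calls to act quickly, a link to open) can be screened for on the moderation side. The following is an added example, not code from TRM Labs or any of the projects named; the domain allowlist, the patterns and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the project's official domains (hypothetical placeholder value).
OFFICIAL_DOMAINS = {"example-nft-project.io"}

URL_RE = re.compile(r"https?://[^\s<>()]+", re.I)
# Pressure and lure patterns of the kind described above (illustrative, not exhaustive).
SIGNALS = {
    "urgency": re.compile(r"\b(hurry|quick(ly)?|act now|last chance|ending soon)\b", re.I),
    "scarcity": re.compile(r"\bonly\s+\d[\d,]*\s+(\w+\s+){0,3}?(left|remaining|available)\b", re.I),
    "giveaway": re.compile(r"\b(free\s+(mint|nfts?|tokens?)|giveaway|airdrop)\b", re.I),
    "wallet": re.compile(r"\b(connect|link|verify)\s+(your\s+)?wallet\b", re.I),
}

def is_official(url, official):
    """True only for an official domain or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in official)

def triage(message, official=OFFICIAL_DOMAINS):
    """Return matched signals, non-official links and a hold-for-review flag."""
    signals = sorted(n for n, rx in SIGNALS.items() if rx.search(message))
    links = [u.rstrip(".,!?)") for u in URL_RE.findall(message)]
    unknown = [u for u in links if not is_official(u, official)]
    # Hold only when an unvetted link is combined with at least two signals.
    return {"signals": signals, "unknown_links": unknown,
            "hold": bool(unknown) and len(signals) >= 2}

# Constructed sample messages, not taken from any real server.
SAMPLES = [
    "FREE MINT is live! Only 117 left, hurry: "
    "https://example-nft-project.io.claim-mint.example/free",
    "Roadmap update is posted at https://example-nft-project.io/roadmap",
    "Reminder: staff will never DM you first.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text)["hold"], "|", text)
```

The first sample is held because its host only starts with the official name; comparing the full hostname, rather than searching for the project name in the URL, is what catches that lookalike.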
Possible connection between the cases
Based on the similar pattern, and the fact that one of the wallets used in the scam was able to capture NFTs from multiple projects, TRM Labs suspects that a large number of the cases can be traced back to the same hacker – or a group of hackers.
…of TRM’s analysis indicates that dozens of these attacks are likely related. In the recent Yuga Labs exploit, a consolidation wallet used by the attacker was linked to wallets with direct exposure to other May and June compromises. Read the report: https://t.co/YFR7G4rkaH (2/2) pic.twitter.com/0GV0tKxEYI
– TRM Labs (@trmlabs) 25 July 2022
The stolen NFTs were then transferred from the hacker’s wallet to an NFT marketplace, where they were traded for ether. Most of the resulting sum is said to have been moved to three other wallets, from where it was split between Tornado Cash and other wallets. The funds were then converted to Bitcoin and paid out through various decentralized services and darknet platforms. TRM Labs came to these conclusions using the TRM Forensics investigative tool. One of the three intermediate wallets is also said to be linked to similar scams that took place in May and June 2022. Another wallet used by the hackers was also used in other Discord account compromises.
However, it is also conceivable that several different hackers or hacker groups carried out several scams and that no single actor is responsible for all of the attacks. Fraudsters could, for instance, copy and repeat the strategies of their competitors.
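The linkage reasoning in this section, where incidents are connected because their receiving wallets feed the same consolidation or intermediate wallet, can be sketched as a grouping over transfer records. This is an added example, not TRM Forensics or code from the report; the incident names and wallet labels are constructed placeholders, and excluding shared services from the linking is an assumption of the example.

```python
from collections import defaultdict

# Constructed sample data; labels are placeholders, not real addresses.
# (incident, wallet that first received the stolen NFTs)
INCIDENT_WALLETS = [
    ("server-A-june", "W_recv1"),
    ("server-B-june", "W_recv2"),
    ("server-C-may", "W_recv3"),
    ("server-D-may", "W_recv4"),
]
# (from_wallet, to_wallet) transfers observed afterwards
TRANSFERS = [
    ("W_recv1", "W_consolidation"),
    ("W_recv2", "W_consolidation"),
    ("W_consolidation", "MARKETPLACE"),
    ("W_consolidation", "W_mid1"),
    ("W_recv3", "W_mid1"),
    ("W_recv4", "MARKETPLACE"),
    ("W_mid1", "MIXER"),
]
# Marketplaces and mixers are used by unrelated parties, so an edge
# through them says nothing about who controls the wallets.
SERVICES = {"MARKETPLACE", "MIXER"}

def link_incidents(incident_wallets, transfers, services):
    """Group incidents whose wallets are connected by direct transfers."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for src, dst in transfers:
        if src in services or dst in services:
            continue  # do not link cases through shared services
        parent[find(src)] = find(dst)

    clusters = defaultdict(set)
    for incident, wallet in incident_wallets:
        clusters[find(wallet)].add(incident)
    return sorted(sorted(c) for c in clusters.values())

if __name__ == "__main__":
    print(link_incidents(INCIDENT_WALLETS, TRANSFERS, SERVICES))
    # Without the exclusion, the marketplace merges every incident.
    print(link_incidents(INCIDENT_WALLETS, TRANSFERS, set()))
```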
How NFT fans can protect themselves from scams
But how can users protect themselves against the attacks? After all, although the projects may increase the security of their platforms and servers, the attacks were carried out through the Discord application. The focus is therefore especially on the actions of individuals. “Knowing about common attack vectors, including platforms like Discord, and common tactics used by threat actors, including phishing attacks that use FOMO-inducing language, will help reduce the risk of falling victim to these scams,” the TRM Labs report said. The Web3 organization “Surge” recommends disabling private messages on Discord in general or for individual servers. Private messaging is still possible with users you add to your friends list, but this can create a first barrier against scammers. In addition, it is recommended to enable 2-factor authentication (2FA). When registering, the user must verify their identity by entering a code that can be retrieved from, for example, a smartphone.
You can also protect yourself from social engineering by taking the time to read messages carefully to spot inconsistencies, checking them for veracity, and only trading within the framework of your own portfolio strategy. Many NFT communities may also post notices about current scams, Surge continues.