A number of Discord channels for some of the most popular Non-Fungible Token (NFT) projects have been hacked, with attackers attempting to scam users into giving away their cryptocurrencies and digital art.
Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz, have all had Discord accounts hacked and abused, reports claim.
On one of the channels, the fraudsters sent out this message: “Oh no, our dogs are mutating. MAKC can be staked for our $APE token. Holders of MAYC + BAYC will be able to claim exclusive rewards just by simply minting and holding our mutant dogs.”
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Minting fake NFTs
The attackers tried to scam users into “minting” a fake NFT. The “minting” process is essentially a purchase, as the victims are required to send Ether (Ethereum cryptocurrency) to the fraudsters’ addresses. In some cases, they could even send their own NFTs, “wrapped” into a token.
The projects were quick to react and warn their users that some of their identities (opens in new tab) had been stolen, although it still isn't known if any specific endpoint (opens in new tab) was compromised, or how.
The Bored Ape Yacht Club Twitter account posted this message soon after the attack started: “STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.”
> Meta wants to make Instagram users suffer with NFT features soon - but why? (opens in new tab)
> Remember LimeWire? It's coming back as an NFT marketplace (opens in new tab)
> What is an NFT? Non-fungible tokens explained, and why you shouldn’t dismiss this fad (opens in new tab)
Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack," Nyoki tweeted, as well. "We have taken everything under control in less than 30 minutes.”
Vice reported that two wallets were identified as participating in the hack, and were labeled as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan. The first account obtained one NFT, sold it, and sent almost 20 ETH to the second wallet. The second one then sent more than 60 ETH to a mixing service, to “launder” the tokens.
After that, the second wallet sent .6 ETH to two addresses - one inactive, and one with more than 1,400 ETH, and more than 6 million Tether coins.
- Keep your tokens secure with the best firewalls right now (opens in new tab)
Via: Vice (opens in new tab)