Rise of crypto scams on Twitter: a look back at the most common ones

Beware of hackers – As cryptocurrencies have grown, many hackers and scammers have taken an interest in this ecosystem, and they are redoubling their ingenuity to trap their victims. New kinds of scams keep appearing, and cryptocurrency holders cannot afford a moment of inattention.

The Aristocrats Project Discord Server Hack

A few weeks ago, the strategist of the NFT project Aristocrats took to Twitter to recount the hack he had suffered. The event highlights several practices of Web3 scammers and hackers, and recounting it may keep the same mishap from affecting other users.

On 1 July, Reycsn published a thread looking back at the hack of his Discord account.

Thread Submitted by Reycsn.

His misadventure begins on June 30, when someone contacts him with a job offer for an NFT project. At this point, Reycsn says he is flattered by the offer and sees no warning signs of a scam.

Caught up in work, he leaves the conversation on hold before returning to it late at night, around 1 p.m. When he visits the project's Discord, he still sees no warning sign of a scam. The Discord has 13,000 members and appears to run well and look clean.

Like most Discord servers, this one has a security step to manage access. Reycsn is presented with a QR code that he must scan with his Discord application, an action he finds “not shocking” and performs without asking himself any further questions.

After hanging around on the server for a while, he decides to go to bed without suspecting what is about to happen. During the night he is woken by other members of the project, and the verdict falls: the Aristocrats Discord server has been hacked.

As is often the case, the hack comes with a phishing link aimed at stealing the NFTs of Aristocrats holders.

It only took one QR code

In fact, by scanning the QR code, Reycsn allowed the attacker to log in to his Discord account. Once in possession of the account, the attacker was able to add his own account as an administrator and take over all rights on the server. He used that access to send his phishing message and ban all of the Discord's moderators.

When members of the Aristocrats team tried to regain control of the server, the attacker deleted all of the chat channels as a last resort.

After several attempts, the team finally managed to regain full control and restore the Discord.

Discord: the new hunting ground for hackers

Unfortunately, this story is far from isolated. During the month of June, more than a hundred Discord servers for NFT projects fell victim to attacks of this type.

The Internet user @NFTHerder listed them carefully. The list includes many major projects such as the Bored Ape Yacht Club or the Lacoste project.

List of Discords hacked in June.

Each time, the attacker managed to take over an administrator account and used it to carry out a phishing attack.

Twitter PDF file scam

Unfortunately, this is not the only scam affecting the NFT ecosystem. Many artists have also been hit by attacks aimed at stealing their cryptocurrencies and NFTs.

Security analyst @Serpent also recently published a thread explaining a new type of attack.

PDF file scam.

In this scam, a user contacts NFT artists on Twitter claiming to have a job offer.

After praising the artist's work to get him to lower his guard, the scammer sends a PDF said to contain the details of the proposed mission.

In reality, although the downloaded file appears to have a .pdf extension, it is actually a screen saver file (.scr) containing a script that infects the victim's machine.

Once the victim's machine is infected, the attacker can take all of the user's cryptocurrencies and NFTs.

“How did he do that? A simple extension spoof. He changed the file name and added .pdf at the end, then changed the file icon to a PDF icon. He also filled the file with unwanted code to exceed the maximum size of 650 MB specified by VirusTotal.”

Now let’s look at some good practices to protect yourself as much as possible from hackers.

First, perhaps the most obvious protection, yet one that is still rarely applied: do not store your private keys in plain text on your computer. That way, even if a hacker succeeds in infecting the computer, he will not have direct access to your private keys.

The attack presented by @Serpent suggests several security checks to perform systematically:

  • Do not download or open files received from unreliable third parties;
  • Always check the extension of a downloaded file before opening it.
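
The extension check above can be partly automated, and extended to look at the file's content and size. The following Python sketch is an added example, not part of the original article or of @Serpent's thread; the function name inspect_download, the extension lists and the constructed sample files are assumptions made for illustration.

```python
import os
import tempfile

# Extensions Windows runs directly; a .scr screen saver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png")
# VirusTotal size limit as quoted in the thread cited on this page.
SCAN_LIMIT_BYTES = 650 * 1024 * 1024


def inspect_download(path, scan_limit=SCAN_LIMIT_BYTES):
    """Return a list of warnings for a downloaded file (empty list: none found)."""
    name = os.path.basename(path).lower()
    stem, final_ext = os.path.splitext(name)
    with open(path, "rb") as fh:
        head = fh.read(1024)
    warnings = []
    if final_ext in EXECUTABLE_EXTS:
        warnings.append("executable extension " + final_ext)
        if any(decoy in stem for decoy in DECOY_EXTS):
            warnings.append("document extension used as decoy in the name")
    # "MZ" opens every Windows executable; a real PDF carries "%PDF-" at its start.
    if head[:2] == b"MZ" and final_ext not in EXECUTABLE_EXTS:
        warnings.append("executable content behind a non-executable extension")
    if final_ext == ".pdf" and b"%PDF-" not in head:
        warnings.append("named .pdf but content is not a PDF")
    if os.path.getsize(path) > scan_limit:
        warnings.append("larger than the scanner limit, possibly padded")
    return warnings


def demo():
    """Run the checks on constructed sample files (harmless placeholder bytes)."""
    samples = {
        "mission_details.pdf.scr": b"MZ" + b"\x00" * 4096,  # padded, fake header
        "mission_details.pdf": b"%PDF-1.7\n% constructed sample\n",
        "renamed.pdf": b"MZ" + b"\x00" * 64,  # executable header, .pdf name
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, content in samples.items():
            path = os.path.join(tmp, fname)
            with open(path, "wb") as fh:
                fh.write(content)
            # Tiny limit so the padding check triggers without a 650 MB file.
            results[fname] = inspect_download(path, scan_limit=1024)
    return results

if __name__ == "__main__":
    print(demo())
```

On Windows, enabling the display of file name extensions in File Explorer makes the same double extension visible without a script.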

The Aristocrats misadventure, in turn, points to other good practices:

  • Keep a non-professional Discord account, to avoid linking your professional account to your personal activities;
  • Avoid making decisions late at night. This is a time when attention lapses, which favors hackers.

And as always, if a deal is too tempting, it is probably a scam.

Another scam has been circulating a lot on Twitter lately, that of the “student purse”. A user sends you private keys and asks you to perform a transfer for him. His aim is to take the funds you send to the address to pay the transaction fees.

Avoid too-good-to-be-true offers like the plague and get into the habit of healthy suspicion. On the other hand, learn to place reasonable trust in respectable and recognized actors in the ecosystem.