An analysis of recent hacks targeting non-fungible token (NFT) projects carried out via the social media platform Discord shows that many of them are part of a larger series of attacks, according to the blockchain intelligence firm TRM Labs.
These attacks have increased rapidly over the past three months, and since May 2022, the NFT community has lost no less than $22 million.
Last June, phishing attacks related to NFT minting scams conducted through compromised Discord accounts increased by 55% compared to May 2022, the company’s researchers said in a recent paper.
TRM Labs said that one of the hacks that may be related to other similar exploits is the one that affected Yuga Labs, the company behind the Bored Ape Yacht Club (BAYC) collection.
“Yuga Labs’ Discord servers were hacked on June 4th after BorisVagner.ETH, social manager at Yuga Labs, confirmed that his Discord account was compromised. While in control of the account in question, the hacker posted promotional material on the account’s Discord community,” according to the report.
The company’s researchers said they reviewed attacks carried out through compromised accounts on NFT-focused Discord servers, and that an analysis of on- and off-chain data suggests that a dozen of these recent breaches are likely related.
Furthermore, these linked accounts include those of well-known NFT projects on Discord such as BAYC, Bubble world, Parallel, Lacoste, Taste, Anata and others, they said.
Based on its findings, TRM Labs concluded that many of the Discord-based attacks targeting NFT projects exhibit similar patterns of behavior. Hackers use a wide variety of tactics to defraud Discord users, including:
- using sophisticated social engineering, such as phishing and fraudulent accounts pretending to be an administrator;
- exploiting vulnerabilities in bots such as Mee6, which allows administrators to automatically grant and remove roles and send messages to the community;
- in some cases, even updating admin settings in an attempt to prevent Discord moderators from interfering with their criminal activities.
The report found that “hackers’ messages to users attempt to capitalize on the sense of urgency typically associated with NFT creation events, urging users to act quickly so they don’t miss out on a free gift or limited inventory.”
TRM Labs argues that as NFT projects make efforts to tighten security on their platforms and servers, and as law enforcement and other groups step up their work to prevent attackers from carrying out future exploits, individuals should also take steps to protect themselves.
“Knowing common attack vectors, including platforms like Discord, and common malicious actor tactics, including phishing and using language that induces [fear of missing out] FOMO, will help reduce the risk of falling victim to these scams,” the researchers conclude.