- Chain Abuse received over 100 filings of Discord channel hacks in the last two months.
- Since May 2022, the NFT industry has suffered a loss of about $22 million, according to TRM Labs’ data.
- At least ten NFT Discord channels were compromised on a single day in June, including the famous Bored Ape Yacht Club.
Hackers have targeted Discord, the social media platform used by many well-known NFT projects, with frightening frequency in the past few months. In the last two months alone, Chain Abuse received over 100 filings of Discord channel hacks.
Blockchain intelligence reporting platform TRM Labs reported this figure on July 25, 2022. According to the report, phishing attacks linked to NFT minting scams deployed through compromised Discord accounts increased by 55% in June compared to the previous month. At least ten NFT Discord channels were compromised on a single day in June, including the famous Bored Ape Yacht Club (BAYC), which encountered multiple attacks on June 4.
Since May 2022, the NFT industry has suffered a loss of about $22 million, according to TRM Labs’ data.
TRM Labs said the fraudsters used sophisticated social engineering to pose as administrators, or exploited bot vulnerabilities. In some instances, the attackers were able to update administrator settings to ban Discord moderators and keep them from interfering with their operations.
Here’s an example of how scammers attempted to lure Discord channel members into clicking malicious links.
When the social manager at Yuga Labs had his verified Discord account compromised, the hackers targeted users already holding valuable NFTs, advertising a “BAYC, MAYC, and Otherside Exclusive” giveaway.
Unknown to potential buyers, sending the fraudulent minting fee in ETH also compromised their wallets: the transaction included a “setApprovalForAll” or similar function call. This enabled the attackers to wipe out their entire NFT holdings.
TRM’s internal investigations unit followed the movement of the stolen Yuga Labs NFTs to a marketplace where they were sold for ETH. It discovered that the thief sent the majority of the proceeds into Tornado Cash to evade capture.
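The “setApprovalForAll” call described above can be recognized in a transaction's calldata before it is signed. The following is an added example, not code from TRM Labs or the original article: it decodes calldata and flags approval grants, using the standard ERC-721/ERC-1155 function selectors. The function name `inspect_calldata`, the risk labels and the sample operator address are assumptions made for illustration.

```python
# Added example: flag NFT approval grants hidden in a "mint" transaction.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
APPROVE = "095ea7b3"               # approve(address,uint256)


def _word(data: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI argument after the 4-byte selector."""
    start = 4 + 32 * index
    word = data[start:start + 32]
    if len(word) != 32:
        raise ValueError("calldata truncated")
    return word


def inspect_calldata(calldata_hex: str) -> dict:
    """Classify the calldata a wallet is about to sign (hypothetical helper)."""
    raw = calldata_hex[2:] if calldata_hex[:2].lower() == "0x" else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) < 4:
        return {"risk": "none", "reason": "plain value transfer, no call"}
    selector = data[:4].hex()
    if selector == SET_APPROVAL_FOR_ALL:
        operator = "0x" + _word(data, 0)[12:].hex()  # address = low 20 bytes
        approved = int.from_bytes(_word(data, 1), "big") != 0
        if approved:
            return {"risk": "high", "operator": operator,
                    "reason": "operator may transfer every token in the collection"}
        return {"risk": "none", "operator": operator,
                "reason": "revokes an existing operator approval"}
    if selector == APPROVE:
        spender = "0x" + _word(data, 0)[12:].hex()
        return {"risk": "medium", "operator": spender,
                "reason": "grants approval for a single token id or amount"}
    return {"risk": "unknown", "reason": "selector 0x" + selector + " not decoded"}


# Constructed sample input: the operator address is made up for this example.
SAMPLE_OPERATOR = "0" * 32 + "deadbeef"
SAMPLE_GRANT = ("0x" + SET_APPROVAL_FOR_ALL
                + SAMPLE_OPERATOR.rjust(64, "0") + "1".rjust(64, "0"))
SAMPLE_REVOKE = ("0x" + SET_APPROVAL_FOR_ALL
                 + SAMPLE_OPERATOR.rjust(64, "0") + "0".rjust(64, "0"))

if __name__ == "__main__":
    for sample in (SAMPLE_GRANT, SAMPLE_REVOKE, "0x"):
        print(inspect_calldata(sample))
```

A transaction presented as a mint or giveaway claim that decodes to a "high" result is requesting collection-wide transfer rights rather than performing a mint.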