NFT Projects Lost $22M To Same Discord Hackers

Based on an explanation by Chris Janczewski, head of global investigations at TRM Labs, Discord might not mainly have a weakness, but it is “just a very target-rich environment” for hackers.

TRM Labs, a Web3 security company, disclosed in a recent report that there has been a rising rate of attacks on Discord, a social media platform that is mainly used by nonfungible token (NFT) projects. Based on the report, the NFT community has lost nearly $22 million in the process since May 2022.

Furthermore, Chainabuse, which is a community-led scam reporting platform mainly operated by TRM Labs has seen at least 100 reports filed by victims in the past two months. In June, there was a 55% increase in phishing attacks. The attacks were linked to NFT minting launched via compromised Discord accounts.

An on-chain and off-chain data analysis suggests that there was a comparable pattern of behavior in most of these attacks. Some of the common tactics that are used include social engineering, which features phishing and fraudulent accounts that are operated by fake administrators.

Hackers Come Up With Ingenious Plans

Hackers also targeted bot vulnerabilities and in most cases banned Discord moderators from interfering with their hacking expeditions by updating administrator settings.

Off-chain and on-chain data analysis of 15 notable Discord vulnerabilities targeting NFT servers reveal that many of them are possibly related. Irrespective, the rate at which they happen and spread across many blockchain platforms they were primarily deployed by various threat actors. The report reads:

“The targeting of multiple blockchains—Ethereum-based projects as well as ones on Solana in recent weeks—indicates many of these Discord account compromises are likely run by a group of hackers or as a Scam-as-a-Service offering.”

TRM Labs also stated that one of the attacks that was linked to other threat actors is Yuga Labs, which is the creator of the iconic Bored Ape Yacht Club (BAYC) collection. On June 4, BorisVagner.ETH, the social manager at Yuga Labs had his account compromised.

The attackers then posted promotional materials to the Discord community. They then advertised “BAYC, MAYC, and Otherside EXCLUSIVE Giveaway,” to the users who were holders of valuable NFTs based on the Security company. They also offered a fraudulent link for users to send their minting fee in ETH.

This report revealed that the attackers acquired a fair number of valuable NFT projects. TRM Labs mentioned:

“In total, from a single exploit, the attackers acquired a diverse portfolio from 18 valuable NFT projects including Bored Ape Yacht Club, Mutant Ape Yacht Club, OthersideMeta, and MekaVerse.”