- Club721’s Discord account was hacked on April 11th, 2022, when hackers gained access to the accounts of an admin and several mods.
Club721 is a trading group that enables and empowers its members with proprietary tools and complete information. It is committed to becoming one of the most influential NFT ecosystems in the metaverse by offering 721 Tools, 721 DAO, 721 Gallery, 721 Art, 721 Incubator, and 721 Guild. Its NFT holders receive lifetime membership.
First, a Discord admin named snipegunner-721 reported the attack in the Discord announcements, advising members: “Quaizuh and some mods got hacked, wait will we store the discord server. Don’t click any strange links.” This was around 12:29 PM IST on April 11th, 2022.
About 2 hours later, another Discord admin, asleep and hates money, notified members in the group announcements that the hackers had gained access to the accounts of an admin and several mods. Within a few minutes, the team identified the compromise and removed the hacked individuals. The attackers made several announcements with a scam link; several people connected to it and lost their assets.
During this period, the hackers created roles to prevent team members from seeing several messages being sent. The hackers then proceeded to delete several channels from the server and messages in announcements sent by team members.
What was the reason for this attack?
First, three mods (Smart Bobby#1952) appear to have been victims of the bookmark hack. The hacker (@camren) reached out to them via collab-tickets, including a link to his fake Discord.
This is a bookmark hack where an attacker steals one’s Discord token. Our mods were restricted from posting in announcements, but the hacker used the hacked mods’ Discord tokens, which bypass 2FA, to log in and use their mod rights to create a role to bypass the restriction on posting in announcements.
The hacker then impersonated Quaizuh, using the same pfp, faking the username (Quaizuh#5412) and creating a role called “new role” that looked like the Head Contributor role in order to add legitimacy to the minting link he ended up posting in announcements.
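The sequence described above (a moderator account creating or changing a role, then channels and messages being deleted) leaves a trail in the server's audit log that can be correlated per account. The following Python is an added example, not code from Club721 or the original article; the sample entries, the `ts` field and the 30-minute window are assumptions, while the `action_type` numbers are the ones Discord documents for audit-log events.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Discord audit-log action_type values (from the Discord API documentation).
ROLE_CREATE, ROLE_UPDATE, MEMBER_ROLE_UPDATE = 30, 31, 25
CHANNEL_DELETE, OVERWRITE_UPDATE = 12, 14
MESSAGE_DELETE, MESSAGE_BULK_DELETE = 72, 73

ESCALATION = {ROLE_CREATE, ROLE_UPDATE, MEMBER_ROLE_UPDATE, OVERWRITE_UPDATE}
DESTRUCTIVE = {CHANNEL_DELETE, MESSAGE_DELETE, MESSAGE_BULK_DELETE}
WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per server

def suspicious_actors(entries, window=WINDOW):
    """Return {user_id: [destructive entries]} for accounts that changed roles or
    permissions and then deleted channels or messages within `window`."""
    by_user = defaultdict(list)
    for e in sorted(entries, key=lambda e: e["ts"]):
        by_user[e["user_id"]].append(e)
    alerts = {}
    for user, events in by_user.items():
        last_escalation, hits = None, []
        for e in events:
            if e["action_type"] in ESCALATION:
                last_escalation = e["ts"]
            elif (e["action_type"] in DESTRUCTIVE and last_escalation is not None
                  and e["ts"] - last_escalation <= window):
                hits.append(e)
        if hits:
            alerts[user] = hits
    return alerts

def _t(hhmm):
    # Constructed timestamps; real entries carry the time in their snowflake id.
    return datetime.strptime("2022-04-11 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample entries, simplified from the audit-log entry object.
SAMPLE = [
    {"user_id": "mod-A", "action_type": ROLE_CREATE, "ts": _t("12:01")},
    {"user_id": "mod-A", "action_type": MEMBER_ROLE_UPDATE, "ts": _t("12:02")},
    {"user_id": "mod-A", "action_type": CHANNEL_DELETE, "ts": _t("12:10")},
    {"user_id": "mod-A", "action_type": MESSAGE_DELETE, "ts": _t("12:11")},
    {"user_id": "admin-B", "action_type": MESSAGE_DELETE, "ts": _t("12:15")},  # cleanup only
    {"user_id": "mod-C", "action_type": ROLE_UPDATE, "ts": _t("09:00")},
    {"user_id": "mod-C", "action_type": CHANNEL_DELETE, "ts": _t("12:20")},   # outside window
]

if __name__ == "__main__":
    for user, hits in suspicious_actors(SAMPLE).items():
        print(user, "->", len(hits), "destructive actions after a role change")
```

An alert like this is a prompt to revoke the account's sessions and roles, not proof of compromise, since admins legitimately do both kinds of action.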
What are the steps taken after this attack?
The compromised team members have reinstalled applications, updated passwords, and disconnected sites/bots before rejoining the server. The team is in the process of updating the security of the server.
For those affected by the hack, the team will be unable to reimburse assets lost but is working on creating a process to support them. The team has also reminded the members that they will never send mint links in announcements. Also, today around 2:32 AM, snipegunner-721 told all members to reverify themselves in the group.