This morning a Twitter user named larrylawliet.eth got caught up in the MoshiMochiNFT Discord hack. According to the user, the MoshiMochiNFT Discord was hacked. Moshi Mochi had issued an announcement a few hours earlier about the final-round mint, and the user clicked the mint link because it had been posted by the official Discord account. The user minted about 40 or 50+ Moshi NFTs and was then hacked. The user lost more than 1000 ETH.
MoshiMochiNFT informed their users about this scam through their Twitter account. According to their tweet, their core team's Discord was compromised earlier and a fake mint link was sent out on their Discord. They are currently addressing the situation and will update everyone shortly. They said they will make sure everyone gets taken care of.
They gave further updates about this incident in follow-up threads. According to those, they will be reimbursing all the minted transactions that were affected by the scam today. They have posted a form in their Discord for those looking to get reimbursed. They have also found the root cause of the issue.
Moshi Mochi explained the incident in more detail in additional threads. They said one of their core team members was contacted via DM and talked into joining another project with a CLOSED Discord; in this instance it was the beanbag frens Discord. The scammers try to talk you onto the team by offering a big cut plus weekly pay just for modding/managing.
Further, they said that the scammer then tells you that they can add you and the team to their whitelist, and sends over a fake site. According to the Moshi Mochi core team member, the site had an option where you had to drag a bookmark onto Discord to "gain whitelist status" and get into the server.
The next thread said that afterwards they failed to review the audit logs for that period, and the hackers were able to take over Moshi Mochi's Discord while the core team was asleep. This will be the first and last time this happens, and moving forward Moshi Mochi will be upping security all around their Discord.
A few days back a similar incident happened to LittlelemonsNFT. They explained on their Twitter handle how the whole scheme works. According to LittlelemonsNFT, the scammer first picks one of your team members (the target). The scammer then goes into another Discord server the target is in and tricks that server into banning the target, by impersonating the target and pretending to scam that server's community members.
Once the target has been banned from the other Discord, the scammer impersonates a mod from that server and reaches out to the target via DMs. The scammer asks the target to prove their innocence. Since the target can see that they really were banned from the other Discord, they are led to believe that the scammer is a real mod. The scammer adds some social engineering, such as fake photoshopped discussions with the other server's team members about the target's ban.
The scammer then gets on a Discord call with the target and eventually gets the target to screen share. The scammer tells the target to open inspect element by pressing Ctrl+Shift+I. Inspect element exposes a Discord token that scammers can use to take full control of the target's Discord account, bypassing 2FA and passwords.
According to LittlelemonsNFT: NEVER share your screen. Turn off your webhooks. The mod that got compromised had an admin role for server maintenance, which allowed the scammer to turn on webhooks. A scammer/hacker can bypass Discord 2FA by obtaining someone's Discord key/token from the console.
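Both stories end with the same defensive lesson: the takeover succeeded because nobody was reviewing the guild audit log when webhooks and roles changed. The script below is an added example, not tooling from MoshiMochiNFT or LittlelemonsNFT. It triages a batch of audit-log entries offline and flags the actions these incidents hinge on (webhook creation or modification, bots added, the administrator bit granted to a role), then raises priority when the actor is not on the team's known-admin list or the change happened while the team is asleep. The entry shape (id, user_id, target_id, action_type, changes), the action_type numbers, the ADMINISTRATOR permission bit and the snowflake epoch are Discord's documented values; the trusted-admin list, the quiet-hours window and every sample entry are constructed for the example.

```python
"""Offline triage of Discord guild audit-log entries for server-takeover indicators.

Added example. The entries are constructed to mirror the shape of Discord's
audit-log object; the ids, actors and times are made up.
"""
from datetime import datetime, timezone

DISCORD_EPOCH_MS = 1_420_070_400_000      # snowflake epoch: 2015-01-01T00:00:00Z
WEBHOOK_CREATE, WEBHOOK_UPDATE = 50, 51  # audit-log action_type values
MEMBER_ROLE_UPDATE, BOT_ADD, ROLE_UPDATE = 25, 28, 31
ADMINISTRATOR = 1 << 3                   # Discord permission bit for Administrator
QUIET_HOURS_UTC = range(0, 7)            # assumption: no team member is awake 00:00-06:59 UTC


def snowflake_time(snowflake: int) -> datetime:
    """Recover the creation time embedded in a Discord snowflake id."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def make_snowflake(dt: datetime) -> int:
    """Build a snowflake for a given time (only used to construct sample data)."""
    return (int(dt.timestamp() * 1000) - DISCORD_EPOCH_MS) << 22


def _permission_changes(entry):
    """Yield (old, new) permission bitfields from a role-update entry."""
    for change in entry.get("changes", []):
        if change.get("key") == "permissions":
            yield int(change.get("old_value") or 0), int(change.get("new_value") or 0)


def triage(entries, trusted_admins):
    """Return a list of findings; each has the entry id, actor, time and reasons."""
    findings = []
    for entry in entries:
        reasons = []
        action = entry["action_type"]
        if action in (WEBHOOK_CREATE, WEBHOOK_UPDATE):
            reasons.append("webhook created or modified")
        if action == BOT_ADD:
            reasons.append("bot added to guild")
        if action == ROLE_UPDATE:
            for old, new in _permission_changes(entry):
                if new & ADMINISTRATOR and not old & ADMINISTRATOR:
                    reasons.append("administrator permission granted to a role")
        if action == MEMBER_ROLE_UPDATE and any(
            c.get("key") == "$add" for c in entry.get("changes", [])
        ):
            reasons.append("roles added to a member")
        if not reasons:
            continue
        # Context that raises priority: a compromised admin account is still
        # "trusted", so the action itself is what gets flagged; these only add weight.
        when = snowflake_time(int(entry["id"]))
        if entry["user_id"] not in trusted_admins:
            reasons.append("actor is not on the known-admin list")
        if when.hour in QUIET_HOURS_UTC:
            reasons.append("happened during quiet hours")
        findings.append({
            "entry_id": entry["id"],
            "actor": entry["user_id"],
            "at": when.isoformat(),
            "reasons": reasons,
        })
    return findings


# Constructed sample data: two core-team admin ids and three log entries.
TRUSTED_ADMINS = {"100000000000000001", "100000000000000002"}

SAMPLE_ENTRIES = [
    {  # benign: a known admin adjusts a role mid-afternoon, no admin bit involved
        "id": str(make_snowflake(datetime(2022, 5, 7, 14, 5, tzinfo=timezone.utc))),
        "user_id": "100000000000000001", "target_id": "300000000000000001",
        "action_type": ROLE_UPDATE,
        "changes": [{"key": "permissions", "old_value": "2048", "new_value": "2112"}],
    },
    {  # suspicious: the (compromised) admin account creates a webhook at 03:12 UTC
        "id": str(make_snowflake(datetime(2022, 5, 7, 3, 12, tzinfo=timezone.utc))),
        "user_id": "100000000000000002", "target_id": "300000000000000002",
        "action_type": WEBHOOK_CREATE,
        "changes": [{"key": "name", "new_value": "announcements"}],
    },
    {  # suspicious: administrator bit granted to a role by an unknown account
        "id": str(make_snowflake(datetime(2022, 5, 7, 3, 15, tzinfo=timezone.utc))),
        "user_id": "200000000000000009", "target_id": "300000000000000003",
        "action_type": ROLE_UPDATE,
        "changes": [{"key": "permissions", "old_value": "2048",
                     "new_value": str(2048 | ADMINISTRATOR)}],
    },
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ENTRIES, TRUSTED_ADMINS):
        print(finding["at"], finding["actor"], "; ".join(finding["reasons"]))
```

Run against a real export, the function takes the JSON array returned by the guild audit-log endpoint; the point of the design is that the webhook entry is flagged even though its actor is a legitimate admin, because that is exactly what a stolen token looks like in the log.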