- Twitter user Serpent has identified a new NFT Discord scam that uses QR codes.
First, as in any other scam, the scammers approach us with a collaboration, a job offer, or something similar, and then ask us to verify ourselves.
We should keep in mind that this is a fake verified Wick bot. It asks us to scan a QR code to verify.
When we go to the Discord login page, we see that it has a “Log in with QR Code” option.
In this case, the scammers use Chrome drivers to open the login page, grab the QR code image, and send it to the Discord bot, which asks people to verify themselves.
As soon as anyone scans the QR code, it logs the scammer in and instantly grabs the victim’s Discord token, which provides access to the account and bypasses 2FA.
If our Discord token is compromised, all we have to do is reset our password, which also resets our token.
Twitter user Serpent has explained this attack in his Twitter thread.
A prime example of this attack is Club 721, which was hacked on April 11th, 2022. Here, the hackers gained access to the accounts of an admin and several mods. More details about this attack can be found at the link.