NFT Minting Scams Through Compromised Discord Servers Linked to Same Hackers: Report
- TRM Labs revealed that NFT minting scams deployed through compromised Discord accounts increased by 55% in June compared to May.
- The targeted NFT projects include the Bored Ape Yacht Club (BAYC), Bubbleworld, Parallel, Lacoste, Tasties, and Anata, among others.
- Hacks are likely by a linked group of hackers using compromised Discord server admin accounts.
- Hacking happens weekly, and they often target ERC-721 tokens.
With the NFT boom, cyber attacks against NFTs (non-fungible tokens) have surged in recent days. The latest report by TRM Labs reveals that the NFT community lost over $22 million in May alone owing to these attacks.
TRM Labs revealed that NFT minting scams deployed through compromised Discord accounts increased by 55% in June compared to May. The investigation further states that the hacks were likely carried out by a linked group of hackers using compromised Discord server admin accounts. As per the report, the projects hit by the linked Discord compromises include BAYC, Bubbleworld, Parallel, Lacoste, Tasties, and Anata, among others.
TRM Labs claims it has received more than 100 reports of Discord channel hacks in the past two months through its Chainabuse reporting platform. According to its investigators, the hacking happens weekly and often targets ERC-721 tokens. The tactics used to trick Discord users range from sophisticated social engineering to pose as an administrator, to exploiting bot vulnerabilities, and even updating administrator settings to ban Discord moderators.
The Discord servers of Yuga Labs, creator of the well-known Bored Ape Yacht Club (BAYC) NFT collection, were hacked on June 4th when BorisVagner.ETH, Social Manager at Yuga Labs, had his verified Discord account hacked. The hacker used Boris’s account to post promotional material to the Discord community.
TRM states the hackers mainly targeted users who were already holders of valuable NFTs and provided a fraudulent link prompting users to send a minting fee in ETH. Following this, the ETH, along with the compromised victims’ wallets, went straight to the fraudster’s address.
The investigators at TRM Labs claim that in total, from a single exploit, the attackers acquired a diverse portfolio of 18 valuable NFT projects, including Bored Ape Yacht Club, Mutant Ape Yacht Club, OthersideMeta, and MekaVerse.
According to Monica Laird, a TRM Labs investigator, there have been over 150 compromises since May targeting an admin role within a larger NFT project channel. Laird explains that once the hackers gain control of the admin account, they lure users by creating a false sense of urgency, sending out links to promotional giveaways and “exclusive” NFT mints. Once the user clicks through to the malicious website, their wallet gets compromised.
Chris Janczewski, who headed the team behind the investigation at TRM Labs, says that Discord makes it a very target-rich environment. “If you’re looking for people that own NFTs, you go to a place where they’re all hanging out, and you have a point to be able to make [contact] with them.”
In its report, TRM Labs further acknowledges that the attacks occur across multiple blockchains, which indicates the presence of separate attacks by rival cyber criminals running scams with tools provided as “Scam-as-a-Service”: turn-key, pay-as-you-go services for launching attacks.
While Discord is increasingly becoming a breeding ground for NFT hackers, Twitter is not far behind. According to recent media reports, scammers are leveraging Twitter mentions to trick users. After hacking Twitter accounts, the hackers impersonate popular NFT and crypto projects. They then mention users in replies across hundreds of tweets to drive them to phishing websites.
Reportedly, between September 2021 and May 2022, there were nearly 90,000 fraudulent NFT transactions. The amount lost to crypto scams alone is about $14 billion. NFTs are taking the world by storm. Therefore, it is the responsibility of the NFT marketplace as well as the NFT holder to stay away from dubious links offering freebies and to stay informed about the common scam tactics used by threat actors.