Login Register

Discord hacking is the newest Problem for NFT buyers

By Dr.Dang June 7, 2022, 9:34 p.m.
Discord hacking is the newest Problem for NFT buyers

On December 21st, two NFT projects became victims of an attack. Multiple projects using crypto engage with their communities through Discord chat servers. For instance, Monkey Kingdom and Fractal NFT marketplace engaged heavily. The two were about to distribute rewards to their community members. Monkey Kingdom was to do so on 21st and Fractal through a token airdrop.

Discord hacking is the newest Problem for NFT buyers

However, disaster struck. Posts surfaced in the official “announcements” channel of each project. They claimed that a surprise mint would reward community members. Moreover, the reward would be a limited edition NFT. Following this, many people jumped at the chance.

The Monkey Kingdom and Fractal Gets Hacked

But a costly surprise awaited those who connected their crypto wallets. Rather than getting an NFT, wallets got drained of the Solana cryptocurrency. Both projects used the crypto for purchases. Within an hour, Twitter posts from the projects informed followers of the misfortune. In addition, they confirmed that the links were a phishing fraud.
In Fractal’s case, the scammers got away with around $150,000 worth of crypto. On the other hand, Monkey Kingdom got scammed about $1.3 million.
None of the attacks targeted the blockchain or tokens. Instead, the scammers exploited the weakness in the infrastructure. This was a reminder of the never-ending weakness in the growing NFT economy. So then, the same methods that hype up a sale can also open doors for hackers.

How the hacking occured

The hackers targeted a feature called webhook. The feature gets used by multiple web applications to listen to messages sent to a URL. In turn, it triggers an event in response. So, by gaining access to Fractal’s and Monkey Kingdom’s webhooks, the hackers smiled. They were able to send messages that got broadcast to some members. As a result, the fake “announcement” came to pass. Still, the content had some red flags. Even so, the distribution method looked legitimate enough to fool many.

Discord webhooks automate messages according to the activities in other applications. Still, it is easy to lose track of those bots. This happens particularly amid the different third-party service integrations. Also, you can’t switch off all of them at once if you get hacked. So then, this is a significant opportunity for hackers.

A Discord spokesperson said people should be careful when giving access to their devices. ”Discord takes the safety of all users and communities very seriously, including social engineering attacks like these,” stated Peter Day, senior manager of corporate communications at Discord. “While there are clear controls in place, we are always working to make it harder for these attacks to happen and will continue to invest in education and tools to help protect our users.”

The origin of the hack seems to be a service called Grape Network. The service offers community management tools to crypto projects that use Discord. Above all, there are brighter days for the projects affected by the attack. Fractal went live on December 21st, 2021. Further, Monkey Kingdom reimbursed money lost by members. In addition to that, it is relaunching the NFT line that got interrupted by the hack.

Do you find this content interesting?
This is just a MIRROR ! Find us via our Main TOR domain
And Let us know by leaving a comment and a rating.

Also, don't forget to follow our Official Telegram Channel to stay informed and safe by Reading  NOIRdotNEWS


Please visit our onion version to comment.