Several huge NFT Discords hacked by scam attacks

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

A number of Discord channels for some of the most popular Non-Fungible Token (NFT) projects have been hacked, with attackers attempting to scam users into giving away their cryptocurrencies and digital art.

Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz, have all had Discord accounts hacked and abused, reports claim.

On one of the channels, the fraudsters sent out this message: “Oh no, our dogs are mutating. MAKC can be staked for our $APE token. Holders of MAYC + BAYC will be able to claim exclusive rewards just by simply minting and holding our mutant dogs.”

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Minting fake NFTs

The attackers tried to scam users into “minting” a fake NFT. The “minting” process is essentially a purchase, as the victims are required to send Ether (Ethereum cryptocurrency) to the fraudsters’ addresses. In some cases, they could even send their own NFTs, “wrapped” into a token.

The projects were quick to react and warn their users that some of their identities had been stolen, although it still isn't known if any specific endpoint was compromised, or how.

The Bored Ape Yacht Club Twitter account posted this message soon after the attack started: “STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.”

Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack," Nyoki tweeted, as well. "We have taken everything under control in less than 30 minutes.”

Vice reported that two wallets were identified as participating in the hack, and were labeled as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan. The first account obtained one NFT, sold it, and sent almost 20 ETH to the second wallet. The second one then sent more than 60 ETH to a mixing service, to “launder” the tokens. 

After that, the second wallet sent .6 ETH to two addresses - one inactive, and one with more than 1,400 ETH, and more than 6 million Tether coins.

Via: Vice

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.