NFT projects have likely lost $22 million since May 2022 to hackers targeting their Discord channels, cybersecurity firm TRM Labs has found. According to its recent report, over 100 reports of Discord channel hacks have been filed in the past two months on Chainabuse, a community-led scam reporting platform operated by TRM Labs.
Investigators reported a 55% month-on-month jump in the number of phishing attacks deployed through Discord in June 2022. Moreover, dozens of these attacks are likely related. In the recent Yuga Labs exploit, a consolidation wallet used by the attacker was linked to wallets with direct exposure to other compromises from May and June.
Discord is widely used by popular non-fungible token (NFT) projects for promotion and for interacting with their communities. The array of scam tactics includes:
· sophisticated social engineering, such as phishing and fraudulent accounts posing as administrators.
· bot vulnerabilities, for example in the Mee6 bot, which allows admins to automatically give and remove roles and send messages to the community.
· updating administrator settings to ban Discord moderators from interfering with the hackers’ operations.
"Hackers’ messages to users have routinely attempted to tap into the sense of urgency typically associated with NFT minting events, prompting users to act quickly in order to avoid missing out on a free giveaway or limited inventory."
Twitter is full of stories from scammed NFT holders. For example, DarkMeta co-founder Alan Seng told his followers how he lost NFTs worth 140 ETH (approximately $250,000).
In a Discord channel, he got in contact with someone who wanted to exchange his NFTs for Seng's. The buyer suggested swapping the NFTs via a swap site, Swiftful, that turned out to be fraudulent. After Seng provided his signatures and connected his wallet to the site, his NFTs were transferred to another address one by one, and he received nothing from the buyer in return. He urges other NFT holders not to use unknown OTC platforms and websites for swapping.