NFT projects are likely to have lost $22 million since May 2022 due to hackers targeting NFT's Discord channels, a cybersecurity firm TRM Labs found out. According to their recent report, over 100 reports of Discord channel hacks have been filed in the past two months on Chainabuse, a community-led scam reporting platform operated by TRM Labs.
Investigators revealed a 55% month-on-month jump in the number of phishing attacks deployed through Discord in June 2022. Moreover, dozens of these attacks are likely related. In the recent Yuga Labs exploit, a consolidation wallet used by the attacker was linked to wallets with direct exposure to other compromises from May & June.
Discord is widely used by popular Nonfungible token (NFT) projects for promoting and interacting with their communities. The array of scam tactics includes:
· sophisticated social engineering, such as phishing and fraudulent accounts pretending to be an administrator.
· bot vulnerabilities, such as the Mee6 bot, which allows admins to automatically give and remove roles and send messages to the community.
· updated administrator settings to ban Discord moderators from interfering with the hackers’ operations.
"Hackers’ messages to users have routinely attempted to tap into the sense of urgency typically associated with NFT minting events, prompting users to act quickly in order to avoid missing out on a free giveaway or limited inventory."
Twitter is full of stories of scammed NFT holders. Thus, co-founder of DarkMeta Alan Seng shared his story with followers how he lost NFTs worth 140 ETH (approximately $250 000).
On 25 Jul 2022, I was scammed of my NFTs.
— Alan Seng (@AlanSeng) July 28, 2022
I lost 4 CloneX, some RTFKT airdrops, 2 Adidas ITM Meta Capsules, and 2 ENS that I love very much: 503.eth and ninja.eth.
Here's what happened.
He got in contact in a Discord channel with a guy who wanted to exchange his NFTs for Seng's ones. The buyer suggested to swap NFTs via a swap site Swiftful that turned out to be fraudulent. After Seng signed the signatures and connected his wallet to this site, his NFTs transferred to another address one by one. But he didn't receive anything from the buyer in return. He urges other NFT holders not to use unknown OTC platforms and websites for swapping.
A perfect example of an attempt of Social Phishing
— MohaCrypto.eth / b4u.eth / digitalfactory.eth (@crypto_moha) July 26, 2022
First : They found you on twitter because of your activity about NFTs
Second : it isolates you to a fraudulent site
Third : If you connect your wallet to this website, it s done ! He controls your bag 💼 #safu pic.twitter.com/ALdf9r1w78