Two NFT projects were attacked by crypto hackers on December 21. The users of the popular NFT collection Monkey Kingdom and a video game asset store Fractal fell victims to one and the same group of hackers who stole Solana cryptocurrency directly from their crypto wallets. But how did the hackers do that?
The Disaster
Both crypto projects used Discord to get in touch with their audience. They announced reward day on December 21 to encourage early supporters with free tokens and NFT presale. Suddenly, they also announced an additional giveaway of limited-edition NFTs. Hundreds of users rushed to seize the opportunity, but the links to the reward appeared to be scam links. Everyone who clicked the reward link lost all their Solana crypto that was used for making purchases on Fractal and Monkey Kingdom. The real owners of Discord channels managed to react only in around an hour, but the thieves got away with almost $1.5 worth of Solana from users and the Monkey Kingdom.
Quite surprisingly, the scammers didn’t attack the blockchain system or the tokens, but Discord chatrooms where NFT buyers discuss all the related stuff. More exactly, the hackers broke into the so-called Webhook feature. It’s used by Discord and many other web apps to allow community hosts to broadcast official messages to their audience in a secure way. Access to webhooks allowed hackers to lure users into the trap.
Be Careful
If you are an NFT fan, you should remember about this vulnerability of Discord and other social media channels. Hopefully, service providers will find a way to cure their weak spots and keep supporting the surging NFT craze. Have you ever been a victim of crypto scams by the way? You can tell your story in the comments and don’t forget to share this article with other NFT buyers you know.
Leave a comment
Your comment is awaiting moderation. We save your draft here
0 Comments