Attacks on NFT Communities: Discord servers become victims of NFT scams | 09.08.22

• NFT tricks pile up on Discord
• Bored Monkey Yacht Club & Co. Among the targets
• Notes about communications between hackers

NFT tricks on Discord are getting bigger

Discord messaging service is becoming increasingly popular. Originally built for online gaming, the platform that allows users to communicate with each other via text, audio and video has been built to include many users with several NFT projects popping up in recent months. In this way, project developers and lovers of irreplaceable tokens communicate with each other and exchange ideas. However, according to a report by crypto security firm TRM Labs, the app is increasingly becoming a target for hackers. “In June 2022, phishing attacks related to NFT mining scams conducted through compromised Discord accounts increased 55 percent compared to the previous month,” TRM Labs said in a statement. Since May alone, Discord servers for such projects have been attacked by cybercriminals more than 150 times, according to data from TRM Labs’ platform Chainabuse. This is said to have caused the NFT community to lose about US$22 million since then.


Buying Bitcoin is very complicated and time consuming.
» Here you can easily buy and sell Bitcoin

Attacks on boring monkey yacht users

In early June alone, 40 projects were attacked, including Swampverse, RunBlox, and SODA. Yuga Labs’ Bored Ape Yacht Club, one of the NFT’s most popular groups featuring AI-generated images of cartoon monkeys, was attacked for the second time on June 4, according to TRM.

The Discord account of yoga social manager Boris Wagner, known in the community under the pseudonym BorisVagner.ETH, is said to have been compromised. After the hacker took over Vagner’s account, he shared messages referring to the supposed giveaway where users were supposed to get the codes for free. Only interested parties should open the attached link, according to the scammer. Clicking on this prompted victims to link their wallets, allowing the attackers to deploy an NFT approval mechanism and take control of the digital pool’s containers. Then the hackers removed the NFTs from the hacked wallets. Not only the victims’ codes from the Bored Ape Yacht Club community, but also the codes of other users who fell in love with scammers on similar Discord servers were then transferred to a single wallet, according to TRM. This then contained a comprehensive compilation of NFTs from 18 projects, including BAYC, Mutant Ape Yacht Club, OthersideMeta and MekaVerse.

Users have been pressed

If the hackers could not take over the Discord profiles of well-known developers, then it is clear that they used social engineering tricks to get their victims to open the malicious links. For example, they pretended to be moderators and banned the interference of actual brokers. The hackers also emphasized in messages to users that quick action is required so that they can secure NFTs for free. In one case reported on Chainabuse, the scammer “safran_eth” wrote that only 117 tokens are still available, which means the link must therefore be clicked quickly.

It is said that the target of the scam has often been users who already have valuable NFTs.

Possible connection between cases

Based on a similar pattern, and the fact that one of the wallets used in the scam was able to capture NFTs from multiple projects, TRM Labs suspects that a large number of cases can be traced back to the same hacker – or a group of hackers.

The stolen NFTs were then transferred from the hacker’s wallet to the NFT Marketplace, where they were exchanged for ether. The resulting amount is said to have been largely transferred to three other wallets, which were then split into Tornado Cash and other wallets. The funds were then transferred to Bitcoin and paid via various decentralized services and darknet platforms. TRM Labs came to these conclusions with the help of the TRM Forensic Investigation Tool. It is also said that one of the three intermediate wallets is linked to similar scams that occurred in May and June 2022. Another wallet used by the hackers was also used for other Discord account settlements.

However, it is also conceivable that many hackers or hacker groups carry out many frauds and there is not only one actor responsible for all the attacks. This way, scammers can copy and replicate the strategies of their competitors.

This is how NFT fans can protect themselves from scams

But how can users protect themselves from attacks? Finally, while the projects could increase the security of their platforms and servers, the attacks were carried out via the Discord app. Therefore, special emphasis is placed on the actions of individuals. The TRM Labs report says: “Identification of common attack vectors, including platforms such as Discord, and common tactics used by attackers, including phishing attacks that use FOMO, will help reduce the risk of becoming a victim of scams. this is” . Web3 “Surge” advises turning off private messages on Discord in general or for individual servers. If you add another user to your friends list, private messages are still possible, but this can create a first barrier against scammers. In addition, it is recommended to activate two-factor authentication (2FA). When registering, the user must verify himself by entering a code that can be called up on a smartphone, for example.

You can also protect yourself from social engineering by taking the time to read the news to discover inconsistencies, validate them and only work within your own portfolio strategy. In many NFT communities there can also be references to current scams, Surge continues.

Editorial office

Leave a Comment