Hackers Compromised Discord Account of B.A.Y.C and OtherSide NFT Community Manager
A tweet was made saying that the NFT collection Bored Ape Yacht Club and OtherSide discord had been compromised by black hat hackers.
Almost $250,000 Lost in the Attack
A Twitter account stated that Boris Vagner, the community manager, had his account breached which let the scammers execute their phishing attack and over 145 ethereum was stolen from users.
According to the report, the scammers breached the community manager’s discord account and sent a fake minting link which normally authorizes users to connect wallets, although the offer was limited to only NFT holders in the community.
The scammers made the message look very convincing and also like a ‘once in a bluemoon’ giveaway in which members tried to take advantage of the opportunity.
A verified Twitter user, Christopher Leo Willekens, made a comment due to the shock about the improper security of the company, he said that this is not about security, it’s a social engineering scam where they make you join a discord and as soon as you join, your account is stolen and you don’t even know.
They are disguised as new hyped projects, targeting partnerships with community community managers.
More 70 Discord Channel got Compromised
The report further states that in May 2022, Over 70 discord channels got compromised by hackers. Popular NFT Collections such as RTFKT and Cool Cats were victimized, and even OpenSea’s official discord group got attacked.
According to the report, 26 of 70 discord groups got compromised as a result of the vulnerability of discord’s MEE6 bot. Reports concerning these attacks have not yet been revealed by the creators of the discord bot.
NFT holders are not only supposed to be concerned about protecting their seed phrases, but also concerned about links shared on discord servers as some may be phishing links by hackers. Due to the rampancy of phishing attacks on web3, cyber awareness about the consequences of tapping any link cannot be overemphasized
However, the situation seemed unavoidable as hackers gained access to the account of the ‘trusted’ community manager, in other cases more information should be gathered on links before tapping or clicking.
Hackers are now leveraging legitimate platforms to conduct their attacks and phishing links is their common method of approach. It was reported that a fake NFT Binance Minting bot was being promoted on YouTube. The link used in the attack was a github link that distributed malware.