The recently launched non-fungible token (NFT) project “Rare Bears” was attacked after a hacker posted a phishing link in the project’s Discord channel, stealing nearly $800,000 in NFTs.
An analysis by blockchain security firm Peckshield found that the attacker managed to steal 179 NFTs, including “Rare Bears” and NFTs from various other collections, including “CloneX”, “Azuki”, sartoshi’s “mfer” and six LAND tokens used in the Sandbox metaverse.
According to the on-chain analysis, most of the NFTs were sold, netting the hacker 286 Ether (ETH) worth over $795,500, most of which was immediately transferred through Tornado Cash, a crypto mixer used to hide the source of funds.
There have been several similar phishing attacks on Discord in recent months, indicating that some teams need to be more careful about the security of administrator accounts. Earlier today, Rare Bears revealed that they have hired security consultant and auditor Pandes to conduct a full security audit of their Discord.
How did the attack happen?
According to an update posted by the Rare Bears team, a hacker gained access to the account of a Rare Bears Discord broker known as Jodan and used it to post an announcement in the group’s channel that a new NFT mint was underway.
The link was, of course, fake: a phishing link designed to steal funds from users’ wallets.
A security audit update revealed that a project manager’s Discord account had been hacked. Using the hacked account, the attacker blocked the other participants or removed their roles from the server, preventing them from removing the posted phishing link.
The attacker then brought in a bot that blocked all channels on the server, preventing others from publicly reporting that the messages and links were fake.
Rare Bears stated that the team was able to regain control of the server by deleting the hacked account and transferring ownership to a new account, and that the server is safe from a new attack.
Speaking to Cointelegraph, security adviser Pandes said users should look for key signs that could indicate a message is a scam.
“No major project will ever have an undercover instrument,” Pandes said. Never click on links that look like this.
Pandes said the other red flags are channels being blocked under a new NFT “reset” group, a link that is different from the one shared on Twitter or other official sources for the project, and a link that is posted repeatedly in a channel.
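The two link-related red flags above (a link that differs from the project's official sources, and a link posted again and again) can be checked mechanically by a moderation script. The following is an added example, not code from Rare Bears or the article; the official host list, the repeat threshold and the sample messages are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hosts the project itself publishes (placeholders, not real project domains).
OFFICIAL_HOSTS = {"mint.example.org", "example.org"}
URL_RE = re.compile(r"https?://[^\s<>()]+", re.IGNORECASE)
REPEAT_THRESHOLD = 3  # assumption: the same link posted this often counts as "repeatedly"

def host_of(url):
    """Lower-cased hostname (userinfo and port ignored); '' if the URL cannot be parsed."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def flag_messages(messages):
    """Return (message_id, url, reasons) for every link that shows a red flag."""
    links = [(m["id"], u.rstrip(".,!?"))
             for m in messages for u in URL_RE.findall(m["content"])]
    counts = Counter(u for _, u in links)
    findings = []
    for msg_id, url in links:
        reasons = []
        host = host_of(url)
        if host not in OFFICIAL_HOSTS:  # exact match only, never a substring test
            reasons.append("host not in official list")
        if host.startswith("xn--") or ".xn--" in host or not host.isascii():
            reasons.append("internationalised (possible lookalike) host")
        if counts[url] >= REPEAT_THRESHOLD:
            reasons.append("posted repeatedly")
        if reasons:
            findings.append((msg_id, url, reasons))
    return findings

# Constructed sample messages (not taken from the incident).
SAMPLE = [
    {"id": 1, "content": "Official site: https://mint.example.org/"},
    {"id": 2, "content": "Surprise mint live now! https://mint-example.org.invalid/claim"},
    {"id": 3, "content": "Hurry https://mint-example.org.invalid/claim"},
    {"id": 4, "content": "Last chance: https://mint-example.org.invalid/claim"},
    {"id": 5, "content": "Docs at https://example.org/faq."},
]

if __name__ == "__main__":
    for finding in flag_messages(SAMPLE):
        print(finding)
```

Because the script only sees message text, it keeps working when channels are locked and moderators have lost their roles, as long as it runs under an identity separate from the compromised account.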
Previous attacks of a similar nature have occurred on Discord. In December, the Solana NFT project “Monkey Kingdom” announced that hackers stole $1.3 million in cryptocurrencies from the community after a security breach. The attackers also posted a phishing link that emptied users’ wallets.
In November last year, members of the popular NFT artist Beeple’s Discord were also scammed, with attackers gaining access to an admin account to spread a phishing link and drain users’ money in the same way.