Rare Bears Discord Phishing Attack Nabs $800K In NFTs
Rare Bears, a newly formed NFT project, was targeted by a hacker who used a phishing link in the group’s Discord channel to steal approximately $800,000 in NFTs.
The attacker stole 179 NFTs, including Rare Bears and NFTs from other collections, among them CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse, according to blockchain security firm PeckShield.
According to on-chain research, most of the NFTs were sold, netting the hacker 286 ETH worth approximately $795,500, the bulk of which was immediately sent through Tornado Cash, a crypto mixer used to hide the source of funds.
A slew of similar phishing attempts have surfaced on Discord in recent months, implying that certain teams should pay closer attention to the security of admin accounts. The Rare Bears team announced earlier today that it has recruited security specialist and auditor “Pandez” to conduct a complete security assessment of its Discord server.
According to a Rare Bears team update, the hacker got access to the account of “Zhodan,” a Rare Bears Discord moderator, and issued a statement within the group’s channel announcing a new mint of NFTs.
Of course, it was a hoax – a phishing link designed to steal money from a user’s account.
The security audit discovered that the project’s leader’s Discord account had been hacked. Using the hijacked account, the attacker then banned other members or revoked their roles on the server, removing their ability to delete the phishing link.
The attacker then invited a bot to the server, which froze all channels and prevented others from publicly revealing that the postings and links were phony.
The team was able to reclaim control of the server, removing the compromised account and transferring ownership to a new one.
The service is now secure against further attacks, according to Rare Bears.
Other red flags, according to Pandez, are channels being locked during a “drop” of a new NFT collection, a link that differs from those provided on Twitter or other official sources for the project, and a link that is posted in the channel repeatedly.
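The warning signs Pandez lists can be checked mechanically by a moderation bot or reviewer. The following is an added example, not code from Rare Bears or Pandez; the host names, sample messages, flag names and the repeat threshold of 3 are all constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>()]+")

# Constructed placeholder: hosts the project publishes on Twitter / its website.
OFFICIAL = {"rarebears.example"}

# Constructed sample of channel messages during a supposed "drop".
SAMPLE = [
    {"author": "mod", "text": "Surprise mint is live! https://rarebears.example.mint-claim.example/mint"},
    {"author": "mod", "text": "Hurry: https://rarebears.example.mint-claim.example/mint"},
    {"author": "mod", "text": "Last chance https://rarebears.example.mint-claim.example/mint"},
    {"author": "member", "text": "Official site is https://www.rarebears.example/ right?"},
]

def host_of(url):
    # urlparse drops any "user@" prefix, so "official@other-host" resolves to other-host.
    return (urlparse(url).hostname or "").lower().rstrip(".")

def is_official(host, official_hosts):
    # Exact host or a true subdomain only; a lookalike that merely contains the name fails.
    return any(host == h or host.endswith("." + h) for h in official_hosts)

def red_flags(messages, official_hosts, channels_locked, repeat_threshold=3):
    """Return which of the three warning signs apply to a batch of messages."""
    urls = [u.rstrip(".,!?") for m in messages for u in URL_RE.findall(m["text"])]
    counts = Counter(urls)
    unofficial = sorted({u for u in urls if not is_official(host_of(u), official_hosts)})
    repeated = sorted(u for u, n in counts.items() if n >= repeat_threshold)
    flags = []
    if unofficial:
        flags.append("link_differs_from_official")
    if repeated:
        flags.append("link_posted_repeatedly")
    if channels_locked and urls:
        flags.append("channels_locked_during_drop")
    return {"flags": flags, "unofficial": unofficial, "repeated": repeated}

if __name__ == "__main__":
    print(red_flags(SAMPLE, OFFICIAL, channels_locked=True))
```

The host comparison is the part that matters most: matching on the parsed hostname rather than on a substring keeps a link that merely embeds the project name from passing as official.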
On Discord, similar attacks have occurred in the past. After a security breach, Monkey Kingdom, a Solana NFT project, claimed in December that hackers had made off with $1.3 million of the community’s crypto money. Attackers also posted a phishing link, draining users’ bank accounts.
Members of popular NFT artist Beeple’s Discord were also defrauded last November, with attackers obtaining access to a moderator’s account and posting a phishing link, depleting user cash.