Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
Discord a public chat application designed for gamers has grown popular among crypto owners all over the world. Attackers are targeting the Discord servers of several popular nonfungible token (NFT) projects.
Josh Fraser founder of Origin protocol shared a thread on Twitter earlier this month, revealing the issue and warning the user about the integrity of the Discord private channels. Fraser added that the issue was quickly closed as a “duplicate issue” when responsibly disclosed to the team of Discord.
According to Fraser, Discord API leaks “the name, description, members list, and activity data for every private channel on every server.” He explained he stumbled on the issue while setting up an automated script to notify him anytime a user enters a certain keyword.
Another tweet was shared by PeckShield, a blockchain cybersecurity firm, warning users about compromised NFT Discord Server of Memeland, RTFKT, PROOF/Moonbirds and infrastructure company Cyberconnect.
Cyberconnect and Memeland confirmed the hack on their Twitter feeds and warned users to avoid clicking on any link on Discord. Cyberconnect caution that the project will never ask for their private keys. Similarly, Memeland alerted customers about the “fake links” in a message.
A team member of Memeland noted, “a discord bot (mee6) seems to be compromised across various high profile servers.” The mee6 bot is used by the server owners to automate welcome messages and inform about the server rules, events and topics.
With lots of high-profile crypto projects using Discord, this leakage of information can reveal “not-yet-announced partnerships, upcoming product launches, exchange listings, and coordinate multi-sig signers,” as reported by Fraser.
According to Motherboard, the compromised Discord server bot can cause devastating results, as an adversary can post a malicious link disguising as an automated bot and allure users to open it, one wrong click can cause irreversible damage to individual earnings, and a hijacked Discord server can pose threat to a large audience.
“That would be such a credible piece of bait that I’m sure hundreds or thousands of people are gonna fall for that. […] Those bots are a huge liability when it comes to security,” explained Stephen Tong, co-founder of blockchain security firm Zellic.
The string of attacks against the NFT discord channel continues in recent months. Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz, had their Discord accounts breached and compromised in April, and OpenSea accounts were hacked in May.
Roger Grimes at Knowbe4 said, “The key lesson here is that anyone in the potential attack chain of cryptocurrency or NFTs has to be secured as if they were a high-security government agency.”
Further, Grimes suggested that cryptocurrency services should introduce high-security configurations for all software and devices. Initiate multi-factor authentication(MFA) to log in, patch all vulnerable software, impart education, and “run application control problems backed by a secure hypervisor chip”.