Hackers target Discord NFT groups with malicious links
Hackers have targeted Discord Inc. groups that were discussing nonfungible tokens in an attempt to get users to click on malicious links.
At a time when cryptocurrency has been hit hard, though not nearly as hard as NFTs, blockchain security company PeckShield Co. Ltd. warned that “several NFT Discords were compromised.” NFTs are assets built on blockchain technology to represent artwork, videogames and other digital artifacts.
According to an article in Vice, the hackers targeted NFT projects such as Memeland, PROOF/Moonbirds and RTFKT, as well as the Web 3 infrastructure company CyberConnect. The report claims they were “compromised,” but that’s a big stretch. In reality, which isn’t nearly as sexy as a Vice article, the “compromise” consisted of nothing more than bots posting malicious links.
There are some suggestions and claims that Discord NFT groups were hacked and taken over, but that’s not confirmed. Someone called Alien Frens on Twitter claimed Tuesday that they were “hacked” with “many others,” but there is zero proof this happened. Bots flooding a Discord channel with spurious links does not equal a hack.
Among the alleged victims is supposedly “Axie Infinity,” the popular play-to-earn game. Given there was $615 million stolen from Ronin in March, there wouldn’t be much left to hack from “Axie.” At the absolute worst, bots were hacked, but none of the so-called victims was actually hacked.
Vice quotes a co-founder of blockchain security firm Zellic as saying, “If that bot ever got compromised, the back end that controls the bot ever got compromised, that’d be fucking nasty dude. Because then you could just post an announcement saying like, ‘Oh, blah, blah, blah, go to this link,’ and then people will believe it because it’s the freaking bot. And then you’d be able to fish [sic] like a bajillion people.”
People trust billions of dollars with someone who speaks like that. Literacy may be an old-fashioned idea, but you’d expect the person you’re investing money with not to sound like a character in “Bill and Ted’s Excellent Adventure,” or “Idiocracy” for that matter.
Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE the key takeaway is that the potential attack chain of cryptocurrency or NFTs has to be secured as if it were a high-security government agency.
“Cryptocurrency and NFTs are different and very attractive to attackers,” Grimes said. “If an attacker finds a vulnerability in a regular finance service or website, they still have to take a lot of steps to turn that vulnerability into stolen value. The immutability of the blockchain cuts both ways and sometimes it is not on the side of the good actor.”