In June, stealing investor funds through Discord increased by 55%. About $22 million in the NFT segment fell into the hands of hackers.
Since May, more than 100 hack reports have been submitted to Chainabuse, TRM Labs’ community protection platform from scam projects. In June, attacks to steal investor funds through Discord increased by 55%. Through analysis, TRM Labs said that $22 million in the NFT segment fell into the hands of hackers.
Hackers target NFT projects that use the Discord platform to build community. However, the behavior of hackers still resembles past scams. According to TRM Labs, hackers often use accounts pretending to be administrators to trick unsuspecting people.
The hacker then sends a message to the user. The content of the text is often related to NFT minting events, requiring the user to quickly click on a malicious link. At the same time, the scammers exploit the vulnerabilities of the Mee6 bot (automation software) to grant and grant permissions in the channel and send messages to the community.
“During 2022, we have seen this pattern of fraud happen on a large scale, especially on the Discord platform,” said Monika Laird, investigator at TRM Labs in an interview with Decrypt.
In some cases, scammers even grant admin rights to ban Discord moderators from interfering. According to Laird, the attacks happen every week and typically target ERC-721-compliant NFTs.
“It’s not like Discord has a weak point, it’s a place rich in goals. If you’re looking for NFT owners, Discord is where many NFT ‘players’ go. You can contact them through this platform,” commented Chris Janczewski, Head of Global Investigations at TRM Labs.
Regarding on-chain data, Laird said the hacker’s moves are somewhat similar, possibly this is a group of hackers performing multiple hacks in a row. Yuga Labs, the company behind the NFT Bored Ape Yatch Club (BAYC) collection warned users last week.
“Our security team has been tracking the number of scams targeting the NFT community. We think hackers will attack many communities through social media accounts. Be vigilant and stay safe,” said Yuga Labs.
According to TRM Labs, blockchain data shows that hackers target NFT projects such as BAYC, Bubbleworld, Parallel, Lacoste, Tasties, Anata, etc. Besides Discord, recently, hackers have also turned to phish on Twitter and Instagram.