Since the last post, five days ago, about an NFT project having its Discord compromised, we've seen at least fifteen more projects suffer the same fate: Clyde, Good Skellas, Duppies, Oak Paradise, Tasties, Yuko Clan, Mono Apes, ApeX Club, Anata, GREED, CITADEL, DegenIslands, Sphynx Underground Society, FUD Bois, and Uncanny Club.
This is the latest in a long string of Discord compromises. Other hacked servers in recent days included those for Curiosities, Meta Hunters, Parallel, Goat Society, RFTP, and Gooniez.
The Apocalyptic Apes Discord attackers stole around 21 NFTs. Bubbleworld attackers stole 171 NFTs, with combined floor prices amounting to around $243,000.
The Bored Apes Discord was also compromised on April 1, along with those of several other big-name NFT projects.
Bot compromises have emerged as a widespread attack vector in crypto and web3 communities, because widely used bots often hold elevated permissions across the Discord channels that many communities rely on as official information sources.
Given OpenSea's prominence, it's surprising that the hacker managed to obtain relatively few NFTs of much value. The wallet appeared to have successfully stolen only 13 NFTs, none from high-value collections, worth a collective $20,000 if resold at the collections' floor prices.
OpenSea tweeted several messages acknowledging the hack and urging users not to click any links. They have not yet confirmed that they've conclusively re-secured their server.
Other Discords reported to be compromised include those of several other big-name projects, among them Doodles, which had previously endured a Discord compromise in late February. This particular compromise appeared to stem from a series of compromised Discord bots, including a very popular CAPTCHA bot used to fight spammers. It's unclear whether anyone lost money to the fake links posted by seemingly official Discord accounts, or how much, but these types of attacks often lure in at least some victims, and higher-priced NFT projects like Bored Apes and Doodles let scammers ask for quite a lot of money without raising an eyebrow.
Not only did the attackers post a fake mint link, they took steps to prevent the project from thwarting their attack by banning other members and removing user rights that would have allowed other project members to delete the fake links. They also added a bot to the server that locked channels so people couldn't send warnings that the links were fake.
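The bot-permission problem described above (elevated bot rights that, once hijacked, let attackers ban moderators, strip roles and lock channels) is something a server admin can audit before an incident. The following is an added example, not code from the original post or from any of the projects named: it decodes Discord permission integers using the flag bit positions from Discord's public API documentation and reports which high-risk permissions a bot holds beyond what it actually needs. The bot names, role bitmasks and "needed" sets are constructed sample data, not any real server's configuration.

```python
# Added example (not from the original post): audit Discord role permission
# bitmasks for bots and flag the privileges that a compromised bot could abuse.
# Permission bit values are Discord's documented flags; the bots and roles below
# are constructed sample data, not any real server's configuration.

# Subset of Discord permission flags (bit positions from the Discord API docs).
PERMISSION_BITS = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "MANAGE_MESSAGES": 1 << 13,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

# Permissions that let a hijacked bot lock out moderators, silence warnings,
# or post as an "official" source.
HIGH_RISK = {
    "ADMINISTRATOR", "MANAGE_ROLES", "MANAGE_CHANNELS", "MANAGE_GUILD",
    "BAN_MEMBERS", "KICK_MEMBERS", "MANAGE_WEBHOOKS",
}


def decode_permissions(bitmask: int) -> set:
    """Return the set of named permissions present in a Discord permission integer."""
    return {name for name, bit in PERMISSION_BITS.items() if bitmask & bit}


def audit_bot(name: str, role_bitmasks: list, needed: set) -> dict:
    """Compare a bot's effective permissions (union of all its roles) with what
    it actually needs and report the excess. ADMINISTRATOR implies every flag."""
    effective = set()
    for mask in role_bitmasks:
        effective |= decode_permissions(mask)
    if "ADMINISTRATOR" in effective:
        effective |= set(PERMISSION_BITS)
    excess = effective - needed
    return {
        "bot": name,
        "effective": sorted(effective),
        "high_risk_excess": sorted(excess & HIGH_RISK),
        "least_privilege": not (excess & HIGH_RISK),
    }


# Constructed sample: a CAPTCHA/verification bot only needs MANAGE_ROLES to hand
# out a "verified" role, but has been given an Administrator role plus a
# moderation role. An announcement bot has exactly what it needs.
SAMPLE_BOTS = {
    "captcha-bot": {
        "roles": [
            PERMISSION_BITS["ADMINISTRATOR"],
            PERMISSION_BITS["BAN_MEMBERS"] | PERMISSION_BITS["MANAGE_MESSAGES"],
        ],
        "needed": {"MANAGE_ROLES"},
    },
    "announce-bot": {
        "roles": [PERMISSION_BITS["MENTION_EVERYONE"]],
        "needed": {"MENTION_EVERYONE"},
    },
}


def audit_all(bots=SAMPLE_BOTS) -> list:
    """Audit every bot in the (constructed) inventory and return the reports."""
    return [audit_bot(name, b["roles"], b["needed"]) for name, b in bots.items()]


if __name__ == "__main__":
    for report in audit_all():
        print(report)
```

In a real server the role bitmasks come from the guild's role list (each role's `permissions` field is exactly such an integer); the audit is most useful when the bot's allowed set is written down and checked again whenever a bot is re-invited or its roles change, since an Administrator grant makes every other restriction moot.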
The Rare Bears team did eventually regain access and secured their Discord server. In an apology posted on their Twitter page, they addressed the multiple security breaches that Rare Bears have faced to date, and said they had "stepped up" and would be having a firm audit their project.
Discord compromise targets fans of the Wizard Pass project in a two-for-one scam that both accepted payments for fake NFTs and stole the NFTs that victims already owned
A Twitter thread by SerpentAU suggested that the malicious minting website had not only accepted ETH from victims and provided nothing in return, but had also prompted users to grant full access to their NFT wallet, allowing valuable NFTs to be stolen. It's not yet clear how many NFTs were stolen as a result.
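The "full access to their NFT wallet" prompt described in the thread is, on ERC-721 and ERC-1155 contracts, a `setApprovalForAll(address,bool)` call: approving an operator lets that address transfer every token the user holds in that collection. A wallet or browser extension can recognise the request before the user signs it. The following is an added example, not code from the original post or from any wallet project: it decodes raw transaction calldata, checks it against the real `setApprovalForAll` selector (`0xa22cb465`), and flags a blanket approval to an operator outside a user-chosen allow-list. The operator addresses, the allow-list and the calldata are constructed sample values.

```python
# Added example (not part of the original post): decode the calldata a wallet is
# asked to sign and flag setApprovalForAll(address,bool) calls, which grant an
# operator the right to move every token in a collection. The selector below is
# the real one for that function; the operator addresses and calldata are
# constructed sample values, not from any real incident.
from typing import Optional

SET_APPROVAL_FOR_ALL = "a22cb465"  # first 4 bytes of keccak256("setApprovalForAll(address,bool)")


def decode_set_approval_for_all(calldata_hex: str) -> Optional[dict]:
    """Return {"operator": ..., "approved": ...} if the calldata is a well-formed
    setApprovalForAll call, otherwise None (other functions or malformed ABI)."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector + two 32-byte ABI words (address, bool).
    if len(data) != 8 + 64 + 64 or data[:8] != SET_APPROVAL_FOR_ALL:
        return None
    addr_word, bool_word = data[8:72], data[72:136]
    # An ABI-encoded address is left-padded with 12 zero bytes; anything else is malformed.
    if addr_word[:24] != "0" * 24:
        return None
    approved_int = int(bool_word, 16)
    if approved_int not in (0, 1):
        return None
    return {"operator": "0x" + addr_word[24:], "approved": approved_int == 1}


def is_blanket_approval_to_unknown(calldata_hex: str, trusted_operators: set) -> bool:
    """True when the transaction grants blanket approval to an operator outside
    the user's allow-list, the pattern behind the scam described above.
    Revocations (approved == False) and unrelated calls are not flagged."""
    decoded = decode_set_approval_for_all(calldata_hex)
    if decoded is None or not decoded["approved"]:
        return False
    trusted = {addr.lower() for addr in trusted_operators}
    return decoded["operator"].lower() not in trusted


# Constructed sample: a "mint" page asks the wallet to approve an unknown operator.
FAKE_OPERATOR = "0x" + "ab" * 20                       # constructed attacker-controlled address
TRUSTED = {"0x" + "11" * 20}                           # constructed marketplace operator the user trusts
SAMPLE_CALLDATA = (
    "0x" + SET_APPROVAL_FOR_ALL
    + FAKE_OPERATOR[2:].rjust(64, "0")                 # operator, left-padded to 32 bytes
    + "1".rjust(64, "0")                               # approved = true
)
SAMPLE_REVOCATION = (
    "0x" + SET_APPROVAL_FOR_ALL
    + FAKE_OPERATOR[2:].rjust(64, "0")
    + "0".rjust(64, "0")                               # approved = false (revoke)
)

if __name__ == "__main__":
    print(decode_set_approval_for_all(SAMPLE_CALLDATA))
    print("warn:", is_blanket_approval_to_unknown(SAMPLE_CALLDATA, TRUSTED))
    print("warn:", is_blanket_approval_to_unknown(SAMPLE_REVOCATION, TRUSTED))
```

The check deliberately keys on the selector and the decoded `approved` flag rather than on the page that produced the transaction: a genuine mint call has a different selector and is left alone, while a blanket approval is flagged regardless of how official the site that requested it looked. The same decoder is where a wallet would surface the operator address to the user, so that an approval to an address they have never dealt with stands out.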