At least 101 NFT Discord servers compromised in July

A fluorescent green skull with blond hair, a piece of cheese floating above its head, a rainbow connecting its eye sockets, and padded armorTasty Bones' Discord was hacked twice in July (attribution)
I've largely stopped covering crypto Discord compromises because they occur so frequently it would drown out everything else. OKHotshot has been keeping count, though, and according to them, at least 101 servers have been compromised in the month of July. Four of the projects — EY3KON, Tasty Bones, Universe by Barnabe, and Angry Dinos — were each compromised twice in that month.

Lacoste Discord among the latest to be hacked

So, apparently polo shirts have NFTs now. Fashion brand Lacoste's NFT project is titled "Undw3", which is apparently supposed to be pronounced "underwater" — I guess if you say the 3 in French it sort of sounds like the English... word... "underwater"... anyway. The Discord for that NFT project was one of the latest to be hacked in a string of Discord hacks so prolific that I've basically stopped reporting on them individually. Like many recent Discord hacks, this one was accomplished by compromising a moderator's account. The account was then used to post a fake mint link, and users who signed the transaction approval found their assets transferred to the attacker.

Since the last post about an NFT project having its Discord compromised, five days ago, we've seen at least fifteen more projects suffer the same: Clyde, Good Skellas, Duppies, Oak Paradise, Tasties, Yuko Clan, Mono Apes, ApeX Club, Anata, GREED, CITADEL, DegenIslands, Sphynx Underground Society, FUD Bois, and Uncanny Club.

Known Origin is the latest project to have their Discord compromised

The Discord server for Known Origin, a fairly major NFT platform, was compromised. The scammer used their access to advertise a fake free NFT mint, which actually would steal NFTs if a user tried to connect their wallet.

This is the latest in a long string of Discord compromises. Other hacked servers in recent days included those for Curiosities, Meta Hunters, Parallel, Goat Society, RFTP, and Gooniez.

A wave of Discord moderator account hacks impacts multiple NFT-related servers

The June 4 compromise of the Bored Apes Discord was only one of several Discord hacks in the same time period. All the attacks appeared to involve user accounts of individual moderators being compromised and used to post fake announcements that lured users of the server to phishing sites that stole NFTs. Discord servers for Yung Ape Squad, Apocalyptic Apes, Bubbleworld, and Aiternate were among the projects affected.

The Apocalyptic Apes Discord attackers stole around 21 NFTs. Bubbleworld attackers stole 171 NFTs, with combined floor prices amounting to around $243,000.

Bored Apes Discord compromised again, 32 NFTs stolen and flipped for $360,000

Phishing message from Bored Apes DiscordPhishing message from Bored Apes Discord (attribution)
Scammers were able to compromise the Discord account of a Bored Apes community manager, then use it to post an announcement of an "exclusive giveaway" to anyone who held a Bored Ape, Mutant Ape, or Otherside NFT. When users went to mint their free NFT, the scammers were able to steal their pricey NFTs. The scammer quickly flipped the stolen NFTs for a total of around 200 ETH (about $360,000), then began transferring funds to Tornado Cash.

The Bored Apes Discord was also compromised on April 1, along with those of several other big-name NFT projects.

Fake minting links distributed after several large NFT Discord servers are compromised

Members of several large NFT Discord servers began seeing suspicious-looking messages announcing supposed NFT mints that turned out to be fakes. Affected communities appeared to include Moonbirds/PROOF, Axie Infinity, RTFKT, Memeland, Alien Frens, and others. The attack appeared to involve a Discord bot called MEE6, though there was some confusion around whether there was a compromise of MEE6 itself or if it was simply used in the attack. The following day, MEE6 acknowledged that an employee account had been compromised.

Bot compromises have emerged as a wide attack vector in crypto and web3 communities, as widely-used bots can have elevated permissions across Discord channels used as official information sources across many communities.

OpenSea Discord hacked

The OpenSea Discord server was compromised, allowing a scammer to post a seemingly-official announcement that OpenSea was partnering with YouTube on a line of NFTs. They urged people to act quickly to snag one of only 100 free NFTs that would offer "insane utility".

Given OpenSea's prominence, it's surprising that the hacker managed to obtain relatively few NFTs of much value. The wallet appeared to have successfully stolen only 13 NFTs, none of which were from high-value collections, that are worth a collective $20,000 if resold at the collections' floor prices.

OpenSea tweeted several messages acknowledging the hack and urging users not to click any links. They have not yet confirmed that they've conclusively re-secured their server.

Discord servers of several big-name NFT projects including Bored Apes and Doodles are compromised

Another day, another Discord compromise — or in this case, many Discord compromises. Bored Apes wrote on their Twitter account in the early hours of the morning, "STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now."

Other Discords reported to be compromised include several other big-name projects including Doodles, which had previously endured a Discord compromise in late February. This particular compromise appeared to stem from a series of compromised Discord bots, including a very popular CAPTCHA bot used to fight spammers. It's unclear if anyone lost money to the fake links posted by seemingly-official Discord accounts, or how much, but these types of attacks often lure in at least some victims, and the higher-priced NFT projects like Bored Apes and Doodles enable scammers to ask for quite a lot of money without raising an eyebrow.

Discord hack targeting Rare Bears NFT project nets attacker $800,000

An illustration of a bear wearing a crown, with laser beams firing from its eyes, with headphones around its neck, holding a molotov cocktailRare Bear (attribution)
After hackers successfully compromised the account of one of the Rare Bears Discord moderators, they posted an announcement that new NFTs were being minted. Those who tried to participate in the mint wound up having their accounts compromised and their NFTs stolen. The hackers sold most of the 179 NFTs they stole, for a combined total of 286 ETH (more than $800,000).

Not only did the attackers post a fake mint link, they took steps to prevent the project from thwarting their attack by banning other members and removing user rights that would have allowed other project members to delete the fake links. They also added a bot to the server that locked channels so people couldn't send warnings that the links were fake.

The Rare Bears team did eventually regain access and secured their Discord server. In an apology posted on their Twitter page, they addressed the multiple security breaches that Rare Bears have faced to date, and said they had "stepped up" and would be having a firm audit their project.

Discord compromise targets fans of the Wizard Pass project in a two-for-one scam that both accepted payments for fake NFTs and stole the NFTs that victims already owned

Wizard Pass is an NFT trading community and package of various software tools that can be joined for a price: a collection of 3,000 NFTs gates access to the community. The NFTs had a successful mint on March 7, and since then have been trading for around 0.3 ETH ($800) on the secondary market. Although the project stated that they would never mint more passes, members of the Discord were excited when the project's founder announced they would be doing a public sale for an additional 1,000 NFTs, at 0.1 ETH ($250) apiece. Unfortunately, there was no such mint, and it turned out the founder's Discord account had been hacked. As of midday on March 14, the hacker had received 66.4 ETH ($169,000) from 290 wallets.

A Twitter thread by SerpentAU suggested that the malicious minting website had not only accepted ETH from victims and provided nothing in return, but had also prompted users to grant full access to their NFT wallet, allowing valuable NFTs to be stolen. It's not yet clear how many NFTs were stolen as a result.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.