44 total views
The attack is the latest in a long string of exploits targeting users on Discord with fake “stealth” NFT drops.
Hong Kong-based gaming and venture capital firm Animoca Brands and its subsidiary Blowfish Studios have promised users that they will return 265 ETH (US$1.1 million) stolen in a case scam selling non-deletable tokens (NFTs) on D`iscord.
The fraudulent mining event occurred around 3am AEDT on November 19th on the Phantom Galaxies Discord server. It saw 1,571 counterfeit minting transactions in about three hours.
Phantom Galaxies is an upcoming Australian game developed by Blowfish Studios. The Phantom Galaxies Discord server has 94,000 members.
In an increasingly common incident on Discord, hackers gained control of the official Phantom Galaxies server using a malware bot that compromised the Admin account’s two-factor authentication. After taking control of the Discord server, hackers banned all employees, advisors, and account community moderators.
Screenshot of a fraudulent notice of a so-called NFT drop. Source: PhantomGalaxies Discord Server.
Then the hackers started posting announcements, claiming that the game was launching a surprise “stealth” NFT minting event right out of the box. Users were redirected to a fraudulent “Phantom Galaxies NFT minting platform” that charged users 0.1 ETH “mint fee”.
Screenshot of a scam site where users can “cast” PhantomGalaxies NFT.
Animoca Brands President Yat Siu warned followers of the fraudulent NFT drop in a tweet around 4 a.m. AEDT on Nov.
At 5:22 a.m., he posted another tweet, saying that affected customers will be “adequately compensated”. This has since been confirmed in a November 24 release from Animoca, which states that details regarding the compensation will be announced shortly.
“Woodz,” a Californian project manager for an upcoming NFT project called Terra Obscura lost $1000 USD to this attack. They told Cointelegraph they realized they had been duped shortly after ‘minting’ two non-existent NFTs:
“When I was doing it, it seemed a little out of place. The discharge is less unusual and the contract looks different. I knew something was wrong but wasn’t sure what.”
Woodz added that they “usually don’t just click on the link,” but have fallen into the hacker’s trap because of the way the message is placed inside the official notification channel.
The attack on Phantom Galaxies follows a similar attack recently on November 11 involving popular NFT artist, Beeple. Users think they’re signing up for a very affordable NFT discount, timed with his second Christie’s auction.
The perpetrator impersonated one of the channel administrators and the Beeple Notification Bot to advertise a fake NFT drop from Beeple on the Nifty Gateway. Beeple has removed the links to Discord from its Twitter profile, and the other links to the server don’t seem to work anymore.
21 report by cybersecurity firm RiskIQ, Discord is becoming an increasingly popular platform for cybercriminals. RiskIQ researchers discovered 27 unique types of malware hosted on Discord’s CDN servers.
In April, Talos Intelligence also found that hackers are increasingly using platforms like Discord to take advantage of users who are staying home due to global COVID-19 restrictions.
“Attackers are taking advantage of collaborative platforms, such as Discord and Slack, to stay under the radar and evade organizational defenses,” it wrote at the time.
#Animoca #refunds #users #ETH #stolen #fake #NFT #drop #Discord #hack