Recently launched NFT project, Rare Bears, was deed with an attack, aft a hacker posted a phishing nexus successful the project's Discord channel, stealing astir $800,000 successful NFTs.
Analysis from blockchain information steadfast Peckshield elaborate that the attacker was capable to bargain 179 NFTs, including Rare Bears and different NFTs from assorted collections, including CloneX, Azuki, a “mfer” from creator sartoshi, and 6 LAND tokens utilized for The Sandbox metaverse.
According to on-chain analysis, astir of the NFTs were sold, netting the hacker 286 ETH, worthy implicit $795,500, astir of which was promptly enactment done Tornado Cash, a crypto mixer utilized to obfuscate the root of funds.
A slate of akin phishing scams person occurred successful caller months connected Discord, suggesting immoderate teams request to much cautiously see the information connected admin accounts. Earlier today, the Rare Bears squad posted that they had hired information advisor and auditor “Pandez” for a afloat information audit of its Discord.
How the onslaught happened
According to an update posted by the Rare Bears team, the hacker gained entree to the relationship of a Rare Bears Discord moderator known arsenic “Zhodan”, posting an announcement wrong the group's transmission that a caller mint of NFTs was taking place.
It was a fake of people — a phishing nexus designed to bargain funds from a users' wallet.
Warning @BearsRare
Discord has unluckily been compromised. Please DO NOT click immoderate links, link your wallet and artifact each incoming DMs successful our discord. Our squad are moving connected the concern arsenic we talk
The update from the information audit recovered that the caput of the project’s Discord relationship was compromised. The attacker, utilizing the compromised account, past banned different members, oregon removed their roles from the server, thereby removing their quality to delete the posted phishing link.
The attacker past invited a bot which locked each channels connected the server, removing the quality for others to publically pass that the posts and links were fake.
Rare Bears said the squad was capable to regain power of the server, removing the compromised relationship and transferring ownership to a caller one, and that the server is unafraid from different attack.
Related: NCA wants regularisation for coin mixers, but the crypto manufacture is already 1 measurement ahead
Speaking to Cointelegraph, information advisor Pandez said that users should look retired for a fewer cardinal signs that could mean a connection is simply a scam.
“Almost nary superior task volition ever bash a stealth mint,” Pandez said, “never click immoderate links which look similar this.”
Pandez said different reddish flags are if channels are locked during a “drop” of a caller NFT collection, if the nexus differs to those shared connected Twitter oregon different authoritative sources for the project, and if the nexus is continuously posted successful the channel.
Past attacks of a akin quality person happened connected Discord. In December, Solana NFT task Monkey Kingdom announced that hackers made disconnected with $1.3 million of the community's crypto funds aft a information breach. Attackers determination besides posting a phishing nexus which drained users’ wallets.
Last November, members of the Discord of fashionable NFT creator Beeple were besides scammed, with attackers gaining entree to a moderators account to station a phishing link, likewise draining idiosyncratic funds.