An analysis of recent hacks targeting non-fungible token (NFT) projects carried out through the social media platform Discord shows that many of them are part of a larger string of attacks, according to blockchain intelligence company TRM Labs.
Such attacks have rapidly risen over the past three months, and since May 2022, the NFT community has lost as much as USD 22m.
Last June, phishing attacks related to NFT minting scams carried out via compromised Discord accounts rose by 55% compared with May 2022, the firm’s researchers said in a recent report.
TRM Labs stated that one of the NFT project exploits that could be linked to other hacks is Yuga Labs, the company behind the Bored Ape Yacht Club (BAYC) collection.
“Yuga Labs’ Discord servers were hacked on June 4th when BorisVagner.ETH, Social Manager at Yuga Labs, had his verified Discord account compromised. While in control of the verified account, the hacker began to post promotional material to the account’s Discord community,” according to the report.
The company’s researchers said that a review of more than 15 “notable” Discord compromises targeting NFT servers and analysis of on-chain and off-chain data suggest that “dozens of these recent account compromises are likely related.”
Furthermore, some of the linked compromises include well-known NFT Discord project accounts such as BAYC, Bubbleworld, Parallel, Lacoste, Tasties, Anata, and others, they stated.
Based on its findings, TRM Labs says that its analysis of on-chain and off-chain data indicates that many of the attacks through Discord that target NFT projects show similar patterns of behavior. Hackers use a wide range of tactics to scam Discord users, including:
- deploying sophisticated social engineering, such as phishing and fraudulent accounts that pretend to be an administrator;
- taking advantage of bot vulnerabilities, such as the Mee6 bot, which enables administrators to automatically give and remove roles and file messages to the community;
- in some cases, hackers even updated administrator settings with the aim of preventing Discord moderators from interfering with their criminal operations.
The report found that,
“Hackers’ messages to users have routinely attempted to tap into the sense of urgency typically associated with NFT minting events, prompting users to act quickly in order to avoid missing out on a free giveaway or limited inventory.”
TRM Labs argues that, as NFT projects make efforts to strengthen the security of their platforms and servers, and law enforcement and other groups intensify work to prevent attackers from carrying out future exploits, individuals should also take steps to protect themselves.
“Being aware of common attack vectors, including platforms like Discord, and common tactics by threat actors, including phishing attacks that utilize [fear of missing out] FOMO-inducing language, will help mitigate the risk of becoming a victim of these scams,” the researchers concluded.