So far over $22 million has been lost
The recent growth of hacks on NFT projects has some believing there is a much wider network involved in all of the drama. Two web3 security firms issued reports recently focusing on the current surge in attacks that have been targeting NFT launches. The attacks have been linked to a group of hackers that have taken advantage of compromised Discord server admin accounts.
TRM Labs recently released a report showing that some of the attacks are connected. The report stated that phishing attacks on NFT mints deployed through Discord accounts had increased by 55% in comparison to June.
The report goes on to state that these hacks show similar patterns of behavior. The tactics used to carry them out include sophisticated social engineering, exploiting bot vulnerabilities, and updating admin settings to remove moderators so that they cannot hinder the scam.
Another tactic is to create a sense of urgency: the hacker announces a new event that makes unsuspecting community members believe they should quickly make a purchase without doing their due diligence.
Example of scam (Source: Chainabuse)
More than 15 notable Discord compromises were reviewed, and the review suggested that they were in fact related. Some of the well-known Discords that were attacked were BAYC, Bubbleworld, Parallel, Lacoste, Tasties, Anata, and a lot more.
The hackers target holders of very valuable NFTs such as BAYC or the Otherside NFT. The movements of the hackers have been linked to a wider network by following the stolen Yuga Labs NFTs to the wallets they were placed in after the theft. The thieves used Tornado Cash to mix the assets and place them in wallets with direct exposure to other Discord compromises that occurred in previous months. All of these hacks have cost the NFT community over $22 million.
According to TRM, there have been over 100 reports of Discord channel hacks, filed on the Chainabuse website. Yuga Labs announced they were tracking the group and warned the community via a tweet.
The other firm, blockchain security company Halborn, also saw an increase in threats that targeted crypto and stated it pointed to the North Korean Lazarus Group, the very same that was responsible for the $622 million hack of Axie Infinity. The TRM report did not state the origin point of the hack, but the Halborn report states that they see the threat as originating out of China.
The main focus of both reports is that these hacks should be stopped, and that the only way for that to happen is through proper web3 security measures.