The recently launched NFT project, Rare Bears, was attacked after a hacker posted a phishing link on the project’s Discord channel and stole about $ 800,000 in NFT.
According to an analysis by blockchain security company Peckshield, the attacker was able to steal. 179 NFTs including Rare Bears and other NFTs from various collections, including CloneX, Azuki, artist sartoshi’s “mfer”, and 6 LAND tokens used in the Sandbox Metaverse.
According to on-chain analysis, Most NFTs have been sold and earned a hacker 286 ETH worth over $ 795,500. Most of it was immediately passed to Tornado Cash, a crypto mixer used to obfuscate funding sources.
Similar slate Phishing scam It’s been happening on Discord in recent months, suggesting that some teams need to consider the security of their admin accounts more carefully. Today, the Rare Bears team posted that they have hired a security consultant and auditor “Pandez” for a full Discord security audit.
How the attack happened
according to update A hacker posted by the Rare Bears team accessed the account of the Rare Bears Discord moderator known as “Zhodan” and posted an announcement that a new NFT mint is taking place within the group’s channel.
Of course, this was a fake. A phishing link designed to steal funds from a user’s wallet.
Unfortunately, discord is at stake. Don’t click links, connect wallets, or block all incoming DMs due to discord.Our team is working on the situation we are talking about
— Rare Bears (@BearsRare) March 17, 2022
An update from the security audit revealed that the person responsible for the project’s Discord account was compromised. The attacker used the compromised account to ban other members or remove the role from the server and remove the ability to remove posted phishing links.
The attacker then invited a bot to lock all channels on the server and removed the ability for others to publicly communicate that posts and links were fake.
Rare Bears said the team could regain control of the server, remove the compromised account and transfer ownership to the new account, and the server would be protected from another attack.
Talking to Cointelegraph, security consultant Pandez said users need to be aware of some important signs that could mean that the message is fraudulent.
“Stealth mint is rarely done on serious projects,” says Pandes. “Never click on a link that looks like this.”
According to Pandes, other danger signals are if the channel is locked during a “drop” of the new NFT collection, if the link is different from what is shared on Twitter or other official sources of the project, the link If you are posting continuously on the channel.
Past attacks of similar nature have occurred on Discord. December, Solana NFT Project Monkey Kingdom Hackers announced they made $ 1.3 million Attackers there in the community’s cryptocurrencies after a security breach have also posted phishing links that empty the user’s wallet.
Last November, a member of the popular NFT artist Beeple’s Discord was also scammed by an attacker. Gaining access to your moderator account Post phishing links and waste your money as well.