Buyers hoping to get a limited edition NFT from Fractal, a new marketplace for gaming item NFTs, were hit by a cryptocurrency-stealing scam on Tuesday morning through a link sent over the project’s official Discord channel.
Users who followed the link and connected their cryptocurrency wallets in the hope of receiving an NFT instead found that their Solana (SOL) cryptocurrency holdings had been emptied and transferred to the fraudster’s account. An analysis posted on Medium by Tim Cotten, the founder of another NFT game project, estimated the value of the stolen SOL at about $150,000.
Fractal is a startup project by Twitch co-founder Justin Kan that specializes in buying and selling NFTs that represent in-game assets. It was announced in early December and quickly attracted over 100,000 users through Discord, making it a target for the kind of scammers who have plagued NFT projects from the beginning.
The news arrived on Twitter when a tweet from Kan informed his followers that the announcement bot on Fractal’s Discord server had been hacked. Another tweet from the main Fractal Twitter account confirmed that a malicious link had been posted through the channel.
Announcement bot @fractalwagmi Discord has been hacked. Do not go to any URL and do not connect your wallet / mint.
— Justin Kan ❄️ (@justinkan) December 21, 2021
This attack exploited users who wanted to mint an NFT, the term for buying a token when it is first created by a particular project instead of buying it on the secondary market at a later date.
The post from the Discord bot was fake, but Fractal’s official Twitter account had posted a tweet just a few hours earlier hinting at an upcoming airdrop, the process by which crypto projects distribute large numbers of tokens to users, usually early adopters. Demand for token mints and airdrops is often very high, so the pressure on users to move fast when snap announcements are made creates an attack vector that scammers are very pleased to exploit.
The cryptography behind cryptocurrencies and NFTs is very secure, but the vast network of websites and applications that make up the broader crypto ecosystem contains many potential points of attack.
Tweets from the official Fractal account suggested that the fraudulent messages were posted to Discord via a webhook. Webhooks are a feature of web application design that allows an application to listen for messages sent to a particular URL and trigger events accordingly (for example, posting to a particular Discord channel).
If the webhook isn’t protected by additional authentication methods, virtually anyone with the URL can post to the channel. It is not clear what precautions the team behind Fractal had taken to prevent this from happening.
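Because a webhook URL of this kind acts as the credential itself, one defensive check is to scan your own repositories, configs and logs for exposed Discord webhook URLs. The scanner below is an added example, not code from Fractal or from the original article; the sample text, webhook IDs and tokens are constructed, and the token length bound is an assumption used to cut false positives.

```python
import re

# Discord incoming-webhook URLs carry the secret in the path:
#   https://discord.com/api/webhooks/<numeric id>/<token>
# Also covers the legacy discordapp.com host, ptb/canary subdomains and an
# optional API version segment. Token length (>= 50) is an assumption.
WEBHOOK_RE = re.compile(
    r"https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com"
    r"/api/(?:v\d+/)?webhooks/(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{50,})"
)


def find_webhooks(text):
    """Return (line number, webhook id, redacted URL) for each exposed URL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in WEBHOOK_RE.finditer(line):
            token = m.group("token")
            # Keep only a 4-character prefix so the report itself leaks nothing.
            prefix = m.group(0)[: m.start("token") - m.start()]
            findings.append((lineno, m.group("id"), prefix + token[:4] + "...[redacted]"))
    return findings


# Constructed tokens and sample file content (not real credentials).
FAKE_A = "AAAA" + "a" * 64
FAKE_B = "BBBB" + "b-_" * 20
SAMPLE = f"""\
# constructed sample config
ANNOUNCE_HOOK=https://discord.com/api/webhooks/123456789012345678/{FAKE_A}
docs: see https://discord.com/developers/docs/resources/webhook
legacy = "https://canary.discordapp.com/api/v9/webhooks/987654321098765432/{FAKE_B}"
"""

if __name__ == "__main__":
    for lineno, hook_id, url in find_webhooks(SAMPLE):
        print(f"line {lineno}: webhook {hook_id} exposed: {url}")
```

Any URL this reports should be treated as compromised: delete that webhook and create a new one, since the URL is the only thing protecting the channel.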
In the wake of the hack, a blog post from Fractal announced that victims who had lost money would be fully compensated. While briefly apologizing, the blog post also seemed to place some of the responsibility for security on the project’s followers:
“If you feel something is wrong with your cryptocurrency, don’t move on, even if it looks legitimate at first. Cryptocurrencies don’t have an ‘undo button’, so you need to make the best decisions.”
Fractal did not respond to requests for comment sent through the company’s official contact form by press time.