Popular NFTs were stolen in a massive wave of Discord hacks

Hacken Ecosystem
3 Minutes Read

Discord: What makes it so popular?

Discord, a digital communication platform, is a go-to app for most crypto and NFTs enthusiasts. For Web3.0 projects, Discord is the favorite place to communicate with their fans. It’s no wonder Discord hosts the largest and most active crypto communities.

If you ask crypto fans why they use Discord, they say it’s cool, brings people together, and everyone does it. It was built for gamers looking for a company. It encourages conversations and the creation of memories. This togetherness gives Discord users a sense of belonging to a close community and the ability to form shared experiences. 

Discord stands proudly on a pedestal of crypto communication platforms together with Twitter and Telegram. Twitter, the most corporate of all, is used to make official announcements. Discord or Telegram are used for communication and collaboration.

Discord: Cybersecurity Weaknesses

From a cybersecurity perspective, Discord is a far cry from an impregnable fortress. Discord servers create a very opportunistic environment for hackers and scammers. A phishing scam is the most widespread cybersecurity threat on Discord. We have already analyzed how hackers stole millions in NFTs by hacking a single chatbot used by many official Discord servers and spreading phishing links. Unfortunately, Discord phishing scams are only becoming more hurtful and intense. Gordon Goner, the most famous Apemen behind and founder of YugaLabs and Bored Ape Yacht Club (BAYC), admitted that Discord crypto servers are just too prone to cyber attacks.

Discord Scams are growing

The auditing firm PeckShield reports that hackers attacked several popular NFT projects’ Discord servers. Scammers spread phishing links titled “claim free land,” stealing 32 blue-chip NFTs from BAYC and OtherSide Discord servers, including one BAYC, two MAYC, five Otherdeed, and one BAKC in the amount of approximately 145 ETH.

Other compromised Discord servers:

  • BossBeautiesNFT: ~45 NFTs were stolen, including one Beanz, one 3LandersNFT, and one VeeFriendsSeries2;
  • Bubblewrld:~160 NFTs were stolen, including one Beanz, one goblintown, one Otherdeed, and one CoolCats.  
  • apocalypticapes: ~21  NFTs were stolen, including three MindblowonNFT and two BokiNFT.  

Hackers transferred stolen funds to 0xbC1…, an address associated with previous phishing scams on Discord.

How to use Discord and stay safe

It is not over for Discord. It is possible to enjoy the “togetherness” of Discord and keep your digital assets safe.

For a crypto project with a Discord server:

  • Big crypto and NFT projects should administer their Discord servers in real-time.
  • Remain vigilant about granting posting permissions to third-party apps, such as bots.
  • Get security certification of your Web3.0 project from CER.live and Hacken and display it in your server description. In addition to improving your project’s cybersecurity, it will add credibility in the eyes of your community.

For a Discord user:

  • Only use verified social media channels and Discord servers. Hacken has one too.
  • Never trust screenshots, as anyone can edit a still picture. Always look for the original source.
  • If it’s too good to be true, it probably is. If it’s not, double-check whether the crypto project or its founder really posted a similar announcement/post/comment on other social media platforms.
  • Be aware of deepfakes; they are also used to spread phishing links.
  • Keep these cybersecurity essentials in mind every time you think about conducting a transaction.
Read more on HackenProof Blog