Rare Bears Discord phishing attack captures $800K in NFTs

Recently introduced nonfungible token (NFT job), “Rare Bears,” was struck with an attack, after a hacker published a phishing link in the job‘s Discord channel, stealing nearly $800,000 in NFTs.

Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs including “Rare Bears” and other NFTs from various collections including “CloneX,” “Azuki,” a “mfer” from artist sartoshi, and six LAND tokens used for The Sandbox metaverse.

According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 Ether (ETH), worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer used to obfuscate the source of funds.

A slate of similar phishing scams has occurred in recent months on Discord, suggesting some teams need to more carefully consider the security of admin accounts. Earlier today, the “Rare Bears” team posted that they had hired security consultant and auditor Pandez for a full security audit of its Discord.

How the attack happened

According to an update posted by the “Rare Bears” team, the hacker gained access to the account of a Rare Bears Discord moderator known as Zhodan, posting an announcement within the group‘s channel that a new mint of NFTs was taking place.

It was a fake, of course, as a phishing link designed to steal funds from a ‘users wallet.

The update from the security audit found that the head of the project’ s Discord account was jeopardized. The opponent, utilizing the jeopardized account, then prohibited other members or eliminated their functions from the server, consequently eliminating their capability to erase the published phishing link.

The opponent then welcomed a bot that locked all channels on the server, eliminating the capability for others to openly interact that the links and posts were phony.

“Rare Bears” stated the group had the ability to gain back control of the server, eliminating the jeopardized account and moving ownership to a brand-new one, which the server is safe and secure from another attack.

Related: NCA desires policy for coin mixers, however the crypto market is currently one action ahead

Speaking to Cointelegraph, security expert Pandez stated that users must watch out for a couple of secret indications that might suggest a message is a rip-off.

“Almost no serious project will ever do a stealth mint,” Pandez stated. “Never click any links which appear like this.”

Pandez stated other warnings are if channels are locked throughout a “drop” of a brand-new NFT collection, if the link varies from those shared on Twitter or other main sources for the job, and if the link is constantly published in the channel.

Past attacks of a comparable nature have actually taken place onDiscord In December, Solana NFT job “Monkey Kingdom” revealed that hackers snatched $1.3 countless the neighborhood‘s crypto funds after a security breach. Attackers there also posted a phishing link that drained users’ wallets.

Last November, members of the Discord of popular NFT artist Beeple were likewise scammed, with aggressors accessing to a mediator’s account to publish a phishing link, likewise draining pipes user funds.


Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Want To Stay Updated On the Latest Crypto News? Get the all the important news in Crypto, NFTs & all things Metaverse Instantly! No Yes