NFT Projects Lost $22M to Same Hackers on Discord: Reports

Two Web3 security companies have released reports focusing on the recent plague of hacks targeting NFT projects, likely by a linked group of hackers using compromised Discord server admin accounts.

According to a recent analysis by TRM Labs, cyberattacks against NFT collections have steadily increased in 2022, costing the NFT community more than $22 million in May alone. NFTs are blockchain-based tokens that show ownership of digital or physical assets.

In the report, TRM Labs, which specializes in digital asset compliance and risk management, states that cyberattacks related to NFT keystroke scams deployed through compromised Discord accounts increased by 55% in June 2022 compared to the previous month.

“Since 2022, we’ve seen these compromises happen on a massive scale, especially on Discord,” TRM Labs investigator Monika Laird told Decrypt in an interview.

TRM Labs claims to have received more than 100 Discord channel hacking reports in the past two months through its Chainabuse reporting platform. Laird says attacks occur weekly and often target ERC-721 tokens, which is a token standard on the Ethereum blockchain for non-fungible tokens.

On the chain side, she said the relationship between common consolidation points (exchanges, mixers) and wallets suggests that the same actors are driving the bulk of these attacks.

Yuga Labs, the company behind the Bored Ape Yacht Club NFT status symbol, said on Twitter last week: “Our security team has been tracking a group of persistent threats that are targeting the NFT community. We believe they may soon launch a coordinated attack targeting multiple communities via compromised social media accounts. Be vigilant and stay safe.”

According to TRM Labs, on-chain data suggests that many of the Discord compromises are tied to the same hacker who targeted the Bored Ape Yacht Club in June. According to the company, other targeted projects include Bubbleworld, Parallel, Lacoste, Tasties, Anata, etc.

As Laird explained, there have been over 150 compromises since May targeting an admin role within a broader NFT project channel. Once hackers take control of the admin account, they send links to promotional giveaways and “exclusive” NFT mints, tricking people into visiting these malicious websites by creating a false sense of urgency.

“It’s not necessarily that Discord per se has a weakness, but it just makes it a very target-rich environment,” says Chris Janczewski, head of global investigations at TRM Labs. “If you’re looking for people who own NFTs, you go to a place where they all hang out, and you have a point to make [contact] with them.”

While cyberattacks targeting Discord have been successful, Laird pointed out that hackers have also compromised Twitter and Instagram accounts in recent months.

TRM Labs says the speed at which the attacks occur and the fact that they happen across multiple blockchains suggest they could be separate attacks by rival cybercriminals running scams at the same time with the help of tools provided as “Scam-as-a-Service”: turnkey, paid services for launching attacks.

In a separate report detailing broader cyberattacks announced by Decrypt, blockchain security firm Halborn has also seen an increase in threats targeting crypto, pointing to North Korean group Lazarus, which the US Treasury Department says orchestrated the $622 million hack of the Axie Infinity Ronin network.

While the TRM Labs report does not specify where the attacks came from, Halborn’s separate report sees the threat coming from China.

“The analysis indicates that Chinese players are targeting high-value individuals in the crypto sector,” Alpcan Onaran, Halborn’s offensive security engineer, told Decrypt by Telegram. “We expect a logarithmic increase in Advanced Persistent Attack (APT) activity and we also expect to see different adversaries targeting Web 3.0 businesses and individuals.”

Onaran says that in Web3, security must be considered in all aspects, both technical and non-technical, to defend against these new threats.

“There is a saying that there are no new crimes [or] new scams; there are the reconditioned old ones,” says Janczewski. “So it makes perfect sense that the whole type of spear phishing, FOMO, which causes people to do things irrationally very quickly, has pivoted into the new space, which is NFTs.”

Editor’s note: This article has been updated to further clarify that the TRM Labs and Halborn reports are separate and distinct.
