By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Simple Analysis of How Scammers Compromised 9 Discord Servers

Quick take:

  • Scammers exploited more than 9 Discord servers in a recent Discord hacking spree.
  • Servers of BAYC, doodles, and several others fell victim to the hack.
  • An on-chain analyst released a Twitter thread analyzing how the scammers carried out the attack.

An on-chain analyst that goes by the name OKHotshot wrote a detailed analysis of how the scammers pulled off the Discord server exploit.

Scammers launched a phishing attack on some prominent Discord NFT groups, including 

  • Freaky Labs
  • Kaiju Kingz
  • Dreadfulz NFT
  • Voyager: Unknown
  • Nyoki
  • Shamanzs NFT
  • Zooverse
  • Bored Ape Yacht Club
  • Doodles (2nd time)

The reported attack looted several NFTs from users who fell for the scam.

Scammers find a way around everything

The scammers gained access to the Discord server and posted phishing links looting the users off their NFTs and assets. How did they do this?

Scammers achieved this with a form of social engineering through DMs to gain admin access. Once they gained access, they posted fake messages using webhooks. Around 140 Discord servers were compromised this year in this style.

But this time, the attack was different. Most of the victims got breached through a verified Discord bot called Ticket tool. What’s strange is that the same bot is used to avoid DM scams.

Scammers bypassed the Ticket tool

The latest version of the tool had a bug that granted users permission to add and remove commands. It allowed normal users the ability to assign webhooks to users.

Scammers used the webhooks to push scam announcements with phishing links that looted the user of all valuables. The attacks were all similar and coordinated as the web design and javascript seemed identical.

Ticket Tool has stated they've reverted to the previous uncompromised version that doesn't have the bug. And they've also regenerated their Discord token, just in case. However, if you don't feel comfortable, there are alternatives you can use...

The analyst also warned the users that these attacks could happen regularly, and they need to be cautious and secure their accounts. 

The information provided on DecentReviews does not constitute investment advice, financial advice, trading advice, or any other sort of advice. Do not treat any of the websites content as such. DecentReviews does not recommend that any cryptocurrency or blockchain asset should be bought, sold, or held by you. Conduct your own due diligence and consult your financial advisor before making any investment decisions.

Get free Web3 analysis and news in your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Platforms/tools Mentioned:

There are no products mentioned.
This page may contain affiliate links. Learn more