Simple Analysis of How Scammers Compromised 9 Discord Servers
- Scammers exploited more than 9 Discord servers in a recent Discord hacking spree.
- Servers of BAYC, doodles, and several others fell victim to the hack.
- An on-chain analyst released a Twitter thread analyzing how the scammers carried out the attack.
An on-chain analyst that goes by the name OKHotshot wrote a detailed analysis of how the scammers pulled off the Discord server exploit.
Scammers launched a phishing attack on some prominent Discord NFT groups, including
- Freaky Labs
- Kaiju Kingz
- Dreadfulz NFT
- Voyager: Unknown
- Shamanzs NFT
- Bored Ape Yacht Club
- Doodles (2nd time)
The reported attack looted several NFTs from users who fell for the scam.
Scammers find a way around everything
The scammers gained access to the Discord server and posted phishing links looting the users off their NFTs and assets. How did they do this?
Scammers achieved this with a form of social engineering through DMs to gain admin access. Once they gained access, they posted fake messages using webhooks. Around 140 Discord servers were compromised this year in this style.
But this time, the attack was different. Most of the victims got breached through a verified Discord bot called Ticket tool. What’s strange is that the same bot is used to avoid DM scams.
Scammers bypassed the Ticket tool
The latest version of the tool had a bug that granted users permission to add and remove commands. It allowed normal users the ability to assign webhooks to users.
Ticket Tool has stated they've reverted to the previous uncompromised version that doesn't have the bug. And they've also regenerated their Discord token, just in case. However, if you don't feel comfortable, there are alternatives you can use...
The analyst also warned the users that these attacks could happen regularly, and they need to be cautious and secure their accounts.
The information provided on DecentReviews does not constitute investment advice, financial advice, trading advice, or any other sort of advice. Do not treat any of the websites content as such. DecentReviews does not recommend that any cryptocurrency or blockchain asset should be bought, sold, or held by you. Conduct your own due diligence and consult your financial advisor before making any investment decisions.