The Intricacies of Discord Hacks and NFT Thefts

icon NFT
Photo - The Intricacies of Discord Hacks and NFT Thefts
In the realm of blockchain, you should be cautious not to blindly trust anyone who purports to be a journalist. The Orbiter Finance project learned this lesson the hard way.
A trickster, masquerading as a cryptocurrency news journalist, cunningly persuaded a moderator to complete a form. This seemingly harmless act resulted in the fraudster gaining control over the Discord server.

Upon seizing control, he rapidly stripped the project team members of their administrative privileges, stifled communication within the community, and proclaimed an airdrop (which, of course, turned out to be a scam).

By funneling the server participants onto a phishing website, he managed to plunder their NFTs. This crafty deception proved fruitful, with the impostor walking away with JPEGs and tokens amassing a staggering sum of $1 million.

What the Stats Say ?

In the blockchain world, NFT theft and the compromising of social media accounts are sadly becoming commonplace. The incident with Orbiter Finance is just a snapshot of a much larger issue.

Data gathered by NFT analyst and cybersecurity specialist, OKHotshot, reveals that over 900 Discord servers have fallen prey to similar phishing attacks since December 2021. Notably, there has been a significant uptick in these incidents over the last three months.

Over the past three quarters, more than 32,000 wallets have been victimized, leading to a staggering estimated loss of around $73 million. These figures are derived from statistics compiled by PeckShield and various Dune Analytics information boards.

The Scammers' Playbook ?

It's intriguing to note that these fraud schemes often involve acquiring a "drainer code" from the black market. The masterminds behind phishing attacks find malicious code in Telegram and Discord, and then incorporate it into their websites, typically agreeing to give the code developers a 20-30% cut of the ill-gotten gains.

The scammers then resort to various tactics. They impersonate journalists, enabling them to compromise Discord servers or Twitter accounts. Once they gain access, they use it to promote their websites, which host the NFT drainer code.

Most NFT Thieves are School-Age ?

Interestingly, many of these wrongdoers aren't seasoned criminals. “95% of them are kids below the age of 18 and they're still in high school,” revealed an NFT market security researcher to The Block.

These young fraudsters brazenly flaunt their dishonestly acquired wealth, squandering money on home food delivery, online gambling, and even purchasing high-end cars they are too young to drive.

To obscure their activities when cashing out, they frequently use the personal information of people from low-income countries, bought specifically for registering on exchanges.

Despite their amateurish actions leaving a trail of clues, the security researcher notes that unmasking these scammers isn't the difficult part. The problem lies in law enforcement's often lukewarm interest in pursuing them.

Stay Alert ☝️

While malicious software often finds ways to sidestep existing security protocols, these measures shouldn't be overlooked. To safeguard your tokens, consider using multiple wallets and routinely revoke smart contract permissions to transfer tokens. If you hold substantial amounts of cryptocurrencies, it's safer to store them in cold (hardware) wallets. 

Has been exploring the enigmas of the crypto industry since 2017, transforming them into accessible narratives. Relies on dark chocolate and nuts as a secret source of energy and inspiration.