NFT communities across the world are reeling as the number of Discord scams targeting these valuable digital assets continues to rise. The first half of 2022 has seen numerous large-scale examples of Discord scams making off with high-profile NFTs, and there are countless examples of smaller-scale events as well.
Discord is a popular messaging and community chat app that is used by communities of all kinds to discuss interests and coordinate groups online. Blockchain enthusiasts are no exception, with many groups centered around cryptocurrencies, NFTs, and other projects. However, some say that Discord channels are creating an unnecessary risk through a lack of effective measures to fight scammers.
Most Recent Hack Sees $360,000 in NFTs Stolen
Yuga Labs is the company behind the popular Bored Ape Yacht Club NFT collection, a collection that includes many of the most valuable NFTs anywhere. However, they’ve also developed a reputation as an effective target for scammers as they have lost NFTs multiple times through Discord, Twitter, and other social media.
On June 5th, Yuga Labs announced that their Discord channel had been hacked once again. This time, scammers made off with over $360,000 in NFTs. This marks the 3rd time that Yuga Labs has been victimized by this kind of NFT scam.
A hack earlier this year was among the largest such scams ever seen, with $3 million in Bored Ape Yacht Club and other NFTs stolen. In this case, the official Bored Ape Yacht Club Instagram was hacked, allowing scammers to spread links to malicious websites under the guise of a supposed airdrop.
However, visitors who gave access to their wallets expecting a free gift instead found that the malicious website drained everything they had. It’s also interesting to point out that there are certain schemes such as the recently exposed BitiQ app which try to present themselves as legitimate NFTs. However, according to one website, this could not be farther from the truth.
Discord Receives Blame From NFT Communities
The hackers behind these scams have multiple methods they can use to steal NFTs. Once they obtain access to a Discord channel, they can send seemingly official messages to trick victims into revealing compromising information. These phishing attacks are a common tactic used by scammers of all kinds, but some in the NFT community are saying that Discord’s lack of security is also to blame.
The scammers obtain access to Discord, Twitter, or other platforms by applying a number of different hacking methods. In many cases, this is as simple as guessing a password or recovery phrase, something that can be done with relative ease if the person in question isn’t using proper password security.
In other cases, they can rely on sending malicious links to falsely direct individuals to websites that mimic the appearance of Discord or Twitter. Once there, they ask for the individual’s username and password. With that, the scammers have full access to the account in question.
The truly devious part of the scam comes next. Through the NFT project’s Discord or Twitter, the scammers will announce an airdrop or giveaway of NFTs or other crypto assets. Normally, airdrops are a simple way for NFT collections to hand out free NFTs. However, the links that the scammers share go to malicious websites that trick visitors into giving full access to their crypto wallets.
Once the scammers have control of the wallet, they can transfer every NFT and every bit of cryptocurrency to another wallet. After that, there’s no way to get it back. Due to the very nature of blockchain transactions, there’s no way to reverse transactions and no central body to mediate disputes.
Few Effective Measures for Fighting Back Against Scammers
Yuga Labs is far from the only target for NFT scammers. A recent phishing attack against OpenSea, the largest NFT marketplace, stole $18,000 in NFTs. In May, scammers gained access to OpenSea’s Discord account and posted a fake announcement highlighting a supposed partnership with YouTube. The announcement included a link to an airdrop, which was actually a malicious website that steals wallets.
These scams continue to ramp up in both frequency and severity. Along with these high-profile hacks, countless other smaller projects fall victim to NFT scams as well. There is very little that communities can do to fight back against these kinds of scams, with most simply issuing advice to their users to avoid suspicious links and don’t trust airdrops. It’s up to users to ensure that their NFTs are kept safe from hackers and scammers.