Advertisement
Advertisement

Hackers Target NFT Projects: Over $22M Lost Since May 2022

By:
Sujha Sundararajan
Published: Jul 27, 2022, 14:52 UTC

Hackers have targeted the social media platform Discord by using sophisticated social engineering such as phishing and creating fake accounts.

hack

Key Insights:

  • TRM Labs report unveiled that hackers have targeted NFT projects on Discord.
  • The NFT community has lost about $22 million in the scam since May 2022.
  • In June alone, there was a 55% increase in phishing attacks linked to NFT minting through Discord accounts.

After stealing more than $1 billion in cryptocurrencies this year alone, hackers and cybercriminals have now turned to the burgeoning non-fungible token (NFT) projects.

In a fresh investigation, a group of NFT hackers targeting Discord social media channels have increased rapidly in the recent past. For instance, data show that cases of NFT scams jumped 55% in the month of June alone.

Most Scams Linked to “Wider Group” of Hackers

According to a recent report from a Web3 security firm TRM Labs, the NFT community has fallen prey to hackers, losing over $22 million in the process since the month of May.

Chainabuse, a scam reporting platform run by TRM, has filed over 100 scam reports in the past two months. The report said some notable projects, such as BAYC, were hacked twice.

The TRM analysis noted that hackers used sophisticated social engineering like phishing and fake accounts claiming to be an administrator in order to scam Discord users.

They had also used an “array of tactics” such as bots, which allow admins to automatically send messages to the community without the user’s knowledge. The release noted,

“The hackers purposefully targeted users who were already holders of valuable NFTs, advertising a “BAYC, MAYC, and Otherside EXCLUSIVE Giveaway,” and providing a fraudulent link that prompted users to send a minting fee in ETH.0.”

After gaining control of the victims’ wallets, NFTs from each compromised account was moved into a single wallet tied to the phishing link, the findings added.

The examination revealed that hackers’ movements of stolen NFTs were linked to a “wider” network. However, the number of groups involved remains unknown.

Yuga Labs, the company best known for creating the world’s largest and most profitable NFT project to date, the Bored Ape Yacht Club (BAYC), warned its users to be vigilant of malicious attacks.

NFTs Are a Hotbed for Hackers

With the continuous increase in the number of NFT users, phishers, hackers, and other cybercriminals have also targeted this market, further threatening the security of the NFT community.

For instance, a project named MoonManNFT stole nearly 400 NFTs under the name of free mint.

Experts have suggested a few ways to avoid falling victim to NFT scams. The key cause of NFT hacking is due to user visits to unofficial websites. It is important that users download the Web3 app or wallet from the official website.

Another way to secure digital currencies or collectibles is to check the domain name. one of the hackers’ tactics is to create knock-off sites whose domain names are similar to the original site.

It is best not to share login credentials and private keys with anyone who claims to be from the company or the administrator, experts noted.

About the Author

Sujha Sundararajan is a writer-journalist with 7+ years of experience in Blockchain, Cryptocurrency and in general, FinTech news reporting. Her articles have featured in multiple journals such as CoinDesk, Protos, Bitcoin Magazine, CCN, Asia Blockchain Review, BeInCrypto and EconoTimes to name a few. She holds a Master’s in Journalism from the Indian Institute of Journalism and New Media and is also an accomplished Indian classical singer.

Did you find this article useful?

Advertisement