Discord Hacking: a Threat for NFT Buyers

by | Apr 19, 2022 | Blog, NFT

In December 2021, two NFT projects were victims of a Discord hacking attack. Monkey Kingdom and Fractal announced they would distribute rewards to their community members. Posts began appearing in the announcement channels of both projects' Discord servers, saying a surprise mint would give community members a limited edition NFT.

However, on the 21st of December, disaster struck. The posts caused havoc: hundreds of users jumped at the chance, followed the link, and connected their crypto wallets. Instead of receiving an NFT, users saw their wallets drained of Solana, the cryptocurrency both projects used for purchases. In an hour or less, both projects informed their followers via Twitter that their Discord servers had been hacked and that around $1.4, from both projects, had been stolen from their users via the fraudulent link.

The attack was smart; it targeted the weaknesses in the infrastructure used to sell tokens, not the blockchain itself. The attackers took advantage of a feature known as a webhook, an application used to listen for a message sent to a particular URL that triggers a response.

When used on Discord, webhooks serve to create automated messages based on activities in other applications. Once the attackers had access to the webhooks of the Fractal and Monkey Kingdom Discord servers, they used them to send the messages that were broadcast to the projects' Discord members.

Since the NFT community is nothing if not thriving, these attacks have become more and more regular, and learning how to avoid them is a necessity.

How to Avoid Discord Hacking and Discord Scams

The first step in strengthening the security of a Discord server: if you are the NFT creator, make sure you are the server’s owner. Even if you didn’t create the server, you should ask the creator to transfer ownership because, as a server owner, you can act quickly if something goes wrong.

Second, it is key to give moderator permission to only a few people. They should be people who are part of the project and who are absolutely trustworthy. Additionally, it is necessary to ensure that there are enough moderators to cover all the time zones. It should never happen that something goes wrong at night or very early in the morning and there is no one to send an alert and take immediate action.

Nevertheless, having trusted moderators is not enough to prevent a Discord hacking. As an additional security step, have bots that remind the members of safety protocols every 15 minutes; this includes reminders to mint only from the project’s official website, that the moderators will never direct message members, and to avoid clicking on suspicious links, among other dangerous activities. Make sure your community knows how you operate so that if something weird were to happen, they would notice.
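A moderation bot can also screen what gets posted, since the fraudulent announcements described above arrived through webhooks. The following is an added example, not code from either project: it flags any message posted by a webhook the owner did not approve and any link that does not point at the official site. The domain, the webhook IDs and the sample messages are constructed assumptions; the messages are shaped like Discord message objects, where webhook_id is present only on webhook-authored messages.

```python
import re
from urllib.parse import urlsplit

# Assumed configuration for a hypothetical project (not from the article).
OFFICIAL_DOMAINS = {"nft-project.example"}     # the official mint site
APPROVED_WEBHOOK_IDS = {"900000000000000001"}  # webhooks the owner created on purpose

URL_RE = re.compile(r"https?://[^\s<>()\"']+", re.IGNORECASE)

def _host(url):
    """Lower-cased hostname of a URL, or '' if the URL cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def _host_allowed(host):
    """True only for an official domain or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def extract_urls(message):
    """Collect links from the text body and from embed url fields."""
    urls = URL_RE.findall(message.get("content") or "")
    urls += [e["url"] for e in message.get("embeds", []) if e.get("url")]
    return urls

def review_message(message):
    """Return the reasons to quarantine a message (empty list = pass)."""
    findings = []
    webhook_id = message.get("webhook_id")
    if webhook_id is not None and webhook_id not in APPROVED_WEBHOOK_IDS:
        findings.append(f"posted by unapproved webhook {webhook_id}")
    for url in extract_urls(message):
        host = _host(url)
        if not _host_allowed(host):
            findings.append(f"link to non-official host {host or '(unparseable)'}")
    return findings

# Constructed sample messages: approved webhook, rogue webhook with a
# look-alike domain, and an ordinary reminder with an official embed link.
SAMPLES = [
    {"id": "1", "webhook_id": "900000000000000001",
     "content": "Mint is live at https://mint.nft-project.example/"},
    {"id": "2", "webhook_id": "900000000000000777",
     "content": "Surprise mint! https://nft-project.example.claim-now.test/go"},
    {"id": "3", "content": "Reminder: moderators will never DM you.",
     "embeds": [{"url": "https://nft-project.example/faq"}]},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["id"], review_message(m) or "ok")
```

The suffix check requires a leading dot, so a look-alike host that merely starts with the official name is rejected.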

Besides securing the ownership of the Discord and having trustworthy, around-the-clock moderators, here are some other actions that could help you protect your NFTs and avoid getting hacked.

  • Do not talk to strangers, and turn off your DMs. An extreme option, though an effective one. Turn off your Discord DMs; most of them are scams or spam. Once they are off, only users you have added as friends on Discord can send you a private message. This ensures top security.
  • Be on the lookout for fake minting sites. There are many fake minting sites, and you have to be careful about what you click on. A fake site will look identical to the real one; however, when you try to mint, your wallet security will get compromised, and you will probably lose your assets. Remember that every legitimate Discord server has an official links channel, and you must use links from there only.
  • Look out for fake accounts. Scammers and hackers usually impersonate influential people on Discord to make users click on fraudulent links. If the moderator or someone else from a Discord server you participate in offers you exorbitant sums of money, do not trust that link; it would most likely be a scam.
  • Never, under any circumstance, share your recovery phrase. MetaMask and other crypto wallets have a recovery phrase for every account. It sounds obvious, but it has happened, so, again, do not share your recovery phrase. Doing it is like sharing your credit card details, so don’t do it, not even with customer support.
  • Keep your wallet on a browser you do not use to navigate other sites. Having tight cybersecurity is crucial for your crypto wallet safety. If your preferred browser is Chrome, do not have your wallet there. Also, don’t install it on your mobile; many malicious links are sent via chat platforms. Stay vigilant and use a separate system for your crypto work; avoid social media and any other browsing activities on the same system.
  • Don’t trust random Discord server announcements. If one of the Discord servers you follow begins announcing fantastic giveaways, unlike any other they have announced before, be wary of it. Look for more information about the announcement in other media to check if it is real.
  • Distribute your crypto assets. Do not hold all your NFTs or crypto assets in one wallet. Have different wallets and keep valuable assets in a hardware wallet. Even though a hardware wallet will not save you from some social scams, it is the most efficient way to store your private keys.

Details are the Key

Like every social network, Discord is a public space that can be hacked or attacked. Therefore, if you are a Discord manager, it is key that you keep yourself updated about every protocol and update your community about the way you work. That will prevent any sketchy announcement from being taken seriously.

It is also important to have a plan in place to correctly manage any possible hacking or attack. For it to be efficient, you will need a team that knows when something goes wrong so that the person in charge at the time can raise the alarm.

You will also need communication pieces and emails ready to be sent to your community to reassure them you will handle the situation, and contingency plans for every possible event: fraudulent links that lead to assets being stolen, phishing or fake minting. To have a clear path to follow, create a detailed document where you describe what to do if an attack occurs, and share it with everyone who is part of the project. This will allow you to be in control, even when you are not.
