OKHotshot, an on-chain analyst, recently reported that up to 107 NFT Discord channels have been jeopardized from June 2 to July 2, 2022. OKHotshot made the announcement via its Twitter account on July 3rd.
According to the post, the compromised collections included huge players such as BAYC, KnownOrigin, Lacoste, and Memeland (9gag), Boss Beauties, and many more. The post also stated that the collections were compromised through social engineering scams. NFTs hacks have spiked 50.7% in the last four weeks compared to previous months, going from 71 discord attacks in May to 107 between June and July.
To put the word out on the recent hacks, OkHotshot has urged users to “stay vigilant.” OpenSea, the biggest NFT marketplace in the world, also warned buyers and holders to watch out for phishing attacks. The New York-based market went further in telling its consumers to beware of emails and files sent from strangers after reporting an enormous data breach.
OpenSea also revealed via its official blog post that 1.8 million users might be impacted by this data breach, resulting in more phishing and other social engineering risks. OpenSea’s Discord server was targeted by cyberattacks to promote scam drops. Earlier this year, the company had to reimburse $1.8 million for an NFT sold illegally.
Sara Baumann, the creator of the recently hacked Women and Weapons NFTs, asked investors to be mindful about their dealings in light of the recent scams. She went further to say, “We (Women and Weapons NFT) do not offer surprise mints or giveaways and will never ask for you to connect your wallet for any reason.”
As previously reported by NFT News Today, the popular Yuga Labs’ Bored Ape Yacht Club (BAYC) NFT collection announced that its Discord servers were subject to a “brief exploit” resulting in 200ETH worth of NFTs being stolen from users.
With NFTs (non-fungible Tokens) gaining popularity, they have become big targets for scammers and hackers. Creators of NFTs and those who buy them both take on inherent risks when making and purchasing these digitized assets. There are a few ways scammers get holders of valued NFTs to “bite.”
Phishing is one big way people get scammed. Phishing is done via email and is the act of deceiving a user into clicking or downloading something by pretending to be a trusted source. The practice has been around for some time and isn’t a crypto-only problem. Spear phishing is a more targeted form of this method as the attacker has a list of email addresses that they know have interacted with OpenSea.
Discord scams, as mentioned in this article, have grown due to the platform’s versatility and its large number of targets. With so much data available, scammers can easily gain access to the channel by hacking it or by sending false messages to Discord users.
Scammers can also imitate a social media influencer’s account and post outrageous or unachievable gains or giveaways. They will also direct message (DM) the victim to build rapport whilst parting them from their assets.
To avoid phishing, verify the link and look for minor differences on the actual website. Don’t click on links posted by unknown users or entities. Also, owners of legitimate projects don’t typically send private messages to anyone without a valid reason. Finally, with social media influencers, if the deal seems too good to be true, it most definitely is.