A number of top NFT outfits have been targeted by a recent barrage of cyberattacks, in which hackers took over the channels' bots and used phishing tactics to convince users to mint fake NFTs.
STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.
April 1, 2022
Bored Ape Yacht Club (BAYC), Nyoki, and Shamanz have all tweeted about the incident, confirming their Discords were hit, and blockchain investigator Zachxbt posted screenshots as proof that both the Doodles and Kaiju Kingz NFT projects have also been targeted.
Vice reports that the tactics used included tricking people into clicking a link so they could mint a non-existent NFT. The hackers came in asking for ethereum, or an NFT wrapped into a token, and appear to have been successful in a few instances.
"Oh no, our dogs are mutating," one hacked bot announced. "MAKC can be staked for our $APE token. Holders of MAYC + BAYC will be able to claim exclusive rewards just by simply minting and holding our mutant dogs." Alas, there were no mutant dog NFTs to be found, only pain and suffering.
The attempts have now been traced back to a couple of cryptocurrency wallets. On Etherscan, a blockchain explorer that can warn you of potential scams, these are labeled Fake_Phishing5519 and Fake_Phishing5520.
Among the swag, a Yuga Labs BAYC spinoff NFT was sold for 20 ethereum (~$69,000), the majority of which was swiftly transferred from the 5519 wallet to the one marked 5520. 61 ETH ($211,000) then went through Tornado Cash, a site that essentially "improves the privacy of transactions by breaking the on-chain link between a source and a destination address."
All we know is the latter wallet then moved some money to a wallet containing 1,447 ETH ($5 million). That's quite the hoard, and finding the culprit is going to be nigh impossible, given all the levels of anonymity that come with crypto-trading.
I guess this should serve as another warning of the dangers of trading NFTs. It's clear many are under the impression NFTs are a scam in and of themselves, and with the likelihood of NFTs pervading the gaming space in 2022, we're going to be seeing a lot more scams like these appearing. Stay vigilant.
Crypto never sleeps, and neither do hackers.