Hackers have exploited a popular Discord bot to deceive users into clicking malicious links inside the Discord servers of several popular nonfungible token (NFT) projects.
Blockchain cybersecurity firm PeckShield published an alert via Twitter, warning that several NFT Discord servers were compromised. According to Vice, the hackers targeted Memeland, PROOF/Moonbirds, RTFKT, as well as the Web 3 infrastructure company CyberConnect.
CyberConnect later confirmed the hack, asking users not to click on any link. “We will never ask for your private key on Discord!” the company tweeted, noting the CyberConnect team is working to resolve the situation with the bot’s security in their server.
Memeland also alerted users on Twitter and Discord. “A discord bot (mee6) seems to be compromised across various high profile servers, including Proof/Moonbirds, RTFKT, PXN, and us,” a Memeland team member wrote. “Stay vigilant all the time. Deauthorize unused/unknown apps in your settings. Do not click on any links. And as always: DON’T TRUST. VERIFY.”
Several Discord channels for some of the most popular NFT projects have been compromised in recent months. In April, Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz all had Discord accounts hacked and abused. Earlier in May, several Discord servers for the NFT marketplace OpenSea were hacked.
The string of attacks exposes security weaknesses in NFT Discord channels. Roger Grimes, a data-driven defense evangelist at KnowBe4, says, “The key lesson here is that anyone in the potential attack chain of cryptocurrency or NFTs has to be secured as if they were a high-security government agency.” Grimes says cryptocurrency and NFTs are different and very attractive to attackers. “When an attacker finds a vulnerability in cryptocurrency or NFTs, it almost always directly leads right to value theft, and the victim almost always has no way of recovering that stolen value. The immutability of the blockchain cuts both ways, and sometimes it is not on the side of the good actor.”
All NFT and cryptocurrency services have to start acting like the high-risk targets that they are, Grimes says. “They have to lock down all devices and software with high-security configurations, require phishing-resistant MFA to log in, run application control problems backed by a secure hypervisor chip, aggressively patch all exploitable software and aggressively educate their employees on how to recognize and prevent phishing attacks,” Grimes adds.
Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and pressing security challenges facing the industry. Within her role at Security, she works to produce several Special Reports and other stories for the monthly eMagazine, Newswire articles, Web Exclusive features, as well as manage social media, the 5 minutes with series, and the Today’s Cybersecurity Leader and Security enewsletter. She graduated from the University of Illinois at Urbana-Champaign with a bachelor’s in English and Creative Writing.
Copyright ©2022. All Rights Reserved BNP Media.