The hack is recent in an extensive series of attacks aimed at Discord users with fraud "stealth" NFT drops.
Animoca Brands, a Hong Kong-based gaming and venture capital firm, and its auxiliary Blowfish Studios have pledged to repay users 265 ETH (US$1.1 million) stolen in a fake nonfungible token (NFT) sale on Discord.
The fake minting happened on the Phantom Galaxies Discord server around 3 a.m. AEDT on November 19. Over around three hours, it observed 1,571 fraud minting transactions.
Blowfish Studios in Australia is developing on Phantom Galaxies, an upcoming game. There are 94,000 members on the Phantom Galaxies Discord server.
Hackers captured control of the official Phantom Galaxies server using a malware bot that hacked the Admin account's two-factor authentication, an increasingly prevalent occurrence on Discord. When the hackers gained control of the Discord server, they blocked all staff, advisors, and community moderator accounts.
The hackers then started posting announcements, stating that the game was conducting a surprise "stealth" NFT minting event immediately. Users were routed to a fake "Phantom Galaxies NFT minting platform," where they were charged a 0.1 ETH "minting fee."
Yat Siu, Chairman of Animoca Brands, alerted followers about the fake NFT drop in a tweet around 4 a.m. AEDT on Nov. 19.
At 5:22 a.m., he tweeted again, stating that impacted consumers would be "appropriately compensated." This was confirmed in a Nov. 24 press release from Animoca, which announced that compensation details will be provided soon.
This attack cost "Woodz," a Californian project manager for an upcoming NFT project named Terra Obscura, $1000 USD. They told that they realised they'd been scammed soon after minting two non-existent NFTs: “As I was doing it, it seemed a bit off. The gas was unusually low and the contract looked different. I knew something was wrong but not sure what.”
Woodz went on to say that they "don't normally just click links," but fall into the hacker's trap due to the way the notification was placed within the official announcement channel.
The attack on Phantom Galaxies follows a similar attack on renowned NFT artist Beeple on November 11. Users mistakenly thought they were signed up for a low-cost NFT drop scheduled to correspond with his second Christie's auction.
The attacker impersonated one of the channel admins and also the Beeple Announcements Bot to publicize a fake NFT drop from Beeple on Nifty Gateway. Beeple has eventually deleted links to the Discord server from his Twitter profile, and other links to the server seem to be not working.
As per a report published on October 21 by cyber security company RiskIQ, Discord is becoming a consistently popular platform for cybercriminals. Researchers from RiskIQ discovered 27 distinct malware kinds housed on Discord's CDN servers.
Talos Intelligence observed in April that hackers were increasingly utilizing platforms like Discord to exploit users who were at home because of global COVID-19 restrictions.
“Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organizational defences,” it stated at the time.
