Analysts believe that NFT hacks via Discord are linked.

Jamie Larson

2 min read
Analysts believe that NFT hacks via Discord are linked.

According to blockchain intelligence firm TRM Labs, an analysis of recent hacks targeting non-fungible token (NFT) projects conducted via the social media platform Discord reveals that many of them are part of a larger string of attacks.

Such attacks have increased dramatically in the last three months, and the NFT community has lost up to USD 22 million since May 2022.

According to a recent report by the firm's researchers, phishing attacks related to NFT minting scams carried out via compromised Discord accounts increased by 55% last June compared to May 2022.

Yuga Labs, the company behind the Bored Ape Yacht Club (BAYC) collection, is one of the NFT project exploits that could be linked to other hacks, according to TRM Labs.

"On June 4th, Yuga Labs' Discord servers were hacked when BorisVagner.ETH, Yuga Labs' Social Manager, had his verified Discord account compromised." According to the report, "while in control of the verified account, the hacker began posting promotional material to the account's Discord community."

The company’s researchers said that a review of more than 15 "notable" Discord compromises targeting NFT servers and analysis of on-chain and off-chain data suggest that "dozens of these recent account compromises are likely related."

Furthermore, they stated that some of the linked compromises include well-known NFT Discord project accounts like BAYC, Bubbleworld, Parallel, Lacoste, Tasties, Anata, and others.

TRM Labs claims that its analysis of on-chain and off-chain data shows that many of the attacks through Discord that targets NFT projects exhibit similar patterns of behavior. Hackers use a variety of methods to defraud Discord users, including:

Using sophisticated social engineering techniques such as phishing and fraudulent accounts that pose as administrators; exploiting bot vulnerabilities such as the Mee6 bot, which allows administrators to automatically assign and remove roles and file messages to the community; and, in some cases, updating administrator settings to prevent Discord moderators from interfering with their criminal operations.

According to the report,

"Hackers' user messages have routinely attempted to capitalize on the sense of urgency typically associated with NFT minting events, prompting users to act quickly in order to avoid missing out on a free giveaway or limited inventory."

TRM Labs contends that, as NFT projects work to improve the security of their platforms and servers, and law enforcement and other groups work to prevent attackers from carrying out future exploits, individuals should also take precautions.

"Being aware of common attack vectors, such as Discord, and common threat actor tactics, such as phishing attacks that use [fear of missing out] FOMO-inducing language, will help mitigate the risk of becoming a victim of these scams," the researchers concluded.