Beware of hackers – Faced with the rise of cryptocurrencies, many hackers and scammers have become interested in this ecosystem. Thus, the latter redouble their ingenuity to trap their victims. More and more different scams are emerging and no moment of inattention is allowed for cryptocurrency holders.
The Aristrocrats Project Discord Server Hack
A few weeks ago, the NFT project strategist Aristocrats returned to Twitter on the hack he suffered. An event that highlights several practices of Web3 scammers and hackers, so why not prevent this mishap from affecting other users.
Thus, on July 1, Reycsn published a thread to return to the Discord account hack.
His misadventure begins on June 30, when someone contacts him to offer him a job for an NFT project. So far Reycsn says he’s flattered by the offer and sees no warning signs about his trade.
Caught up in work, he leaves the conversation on hold before taking an interest in it again, late at night, around 1 a.m. By going to the Discord of the project, it still does not perceive any warning sign of the scam. Indeed, the Discord has 13,000 members and seems quite cleansolid.
Like most Discord servers, this one has security to manage access. Thus, a QRCode is presented at Reycsn which he must scan with his Discord application. An action that he finds “not shocking” and that he performs without asking himself any more questions.
After hanging out a bit on the server, the latter decides to go to bed without suspecting what was going to happen. During the night, he is awakened by other members of the project and the sentence falls: the Aristrocrats Discord server has been hacked.
As often, this hack comes with a phishing link aimed at stealing the NFT holders of NFT Aristocrats.
>> Don’t get caught in the bait. Choose the LiteBit regulated platform (affiliate link) <<
It only took a QRCode
In fact, when he scanned the QRCode, Reycsn allowed the attacker to log into his Discord account. Once in possession of the account, he was able to add his own account as an administrator and take full rights on the server. He took the opportunity to post his phishing message and ban all Discord moderators.
When members of the Aristrocrats team attempted to regain control of the server, the attacker deleted the entire chat channels as a final retaliation.
After several attempts, the teams finally managed to regain full powers and restore the Discord.
Discord: the new hunting ground for hackers
Unfortunately, this story is far from isolated. Thus, during the month of June, there are more than one hundred Discord servers of NFT projects that have been victims of attacks of this type.
The Internet user @NFTHerder listed them carefully. The list contains many major projects such as the Bored Ape Yacht Club or the Lacoste project.
Each time, the attacker managed to recover an administrator account and used it to carry out a phishing attack.
Twitter PDF File Scam
Unfortunately, this is not the only scam affecting the NFT ecosystem. Indeed, many artists have also been targeted by attacks aimed at steal their cryptocurrencies and NFTs.
>> You don’t understand anything about NFT? Enjoy a wide crypto choice on LiteBit (affiliate link) <<
Security analyst @Serpent also recently published a thread explaining a new type of attack.
Thus, in this scam, a user will contact the NFT artists on Twitter claiming a job offer.
After praising the merits of the artist to make him lower his guard, the scammer send a PDF specifying the details of the proposed mission.
Except that in reality, although the downloaded file seems to have the extension .pdf it is actually a file screen saver in .scr which contains a script to infect the victim’s machine.
Once infected, the attacker can recover all of the user’s cryptocurrencies and NFTs.
“How did he do that?” A simple extension spoof. He changed the file name and added .pdf at the end, then changed the file icon to a PDF icon. It also filled the file with junk code to exceed the maximum size of 650 MB set by VirusTotal. »
Let’s now look at some good practices to put in place to protect yourself as much as possible from hackers.
First, perhaps the most obvious, yet very poorly applied protection, namely to do not store their private keys in plain text on their computer. Thus, even if the attacker manages to infect the computer, it will not have direct access to your private keys.
The attack presented by @Serpent makes it possible to propose several security checks to be carried out systematically:
- Do not download and/or open received files by untrusted third parties;
- Still check the extension of a file downloaded before opening it.
For its part, the misadventure of the Aristocrats makes it possible to raise other good practices:
- Have a non-professional Discord accountto avoid linking his pro account to his personal activities;
- Avoid making decisions late at night. This is a time when inattention is important, conducive to hackers.
And as always, if the offers are too tempting, it’s probably a scam.
Another one scam has been going around a lot lately on Twitter, that of the “student wallet”. Thus, a user will send you private keys asking you to perform a transfer for him. Its purpose is to siphon off funds that you will send to the address to pay transaction fees.
Avoid too-good-to-be-true offers like the plague and get into the habit of being healthy with suspicion. On the other hand, also learn to place reasonable trust in respectable and recognized players in the ecosystem. Register now on the LiteBit platformyou will receive €20 as a welcome gift (affiliate link).