NFTSECURITY

Discord has many issues! Monkey Kingdom and Fractal channels were hacked due to the bot being compromised. How to prevent this?

share
Discord has many issues! Monkey Kingdom and Fractal channels were hacked due to the bot being compromised. How to prevent this?

Discord is a discussion platform commonly used by investors in the cryptocurrency and NFT communities. Each project typically sets up an official Discord channel to release the latest/exclusive news, engage in community chats, but the platform can be a mix of good and bad, with vast and chaotic information. Well-known NFT projects Monkey Kingdom and Fractal were recently hit, causing losses for investors due to Discord issues. Both are popular NFT projects on Solana.

Monkey Kingdom Incident Summary

  • Scheduled for sale at 11:00 PM on the 21st: Total: 2221, price 0.49 SOL
  • At 10:00 PM on the 21st, the website was overloaded and under maintenance; whitelisted users couldn't mint first
  • At 11:00 PM on the 21st, officials stated that the Discord channel was hacked with a Webhook hack, phishing links were posted on the official bulletin board, do not click
  • Thousands of investors were scammed, totaling over $1.2 million in value hacker wallet
  • Officials stated that future announcements will only be made via Twitter account

Official Measures:

  • During the attack, some users were able to mint more than one Baepe NFT; refunds will be provided if returned to the official site
  • The previous Wukong series in the Baepe collection was canceled, a new series will be released
  • There are a total of 1301 whitelisted wallets, which will receive an airdrop of one Baepe NFT when the new series is launched
  • NFTs from the attacked version will not be recognized
  • The new series is not limited to minting only one
  • Providing a form to collect data from affected users, full compensation will be provided

Fractal Incident Summary

Fractal is an NFT marketplace with a larger following community, set to launch on Christmas, nearly 40,000 on Twitter, and over 100,000 on Discord.

  • On the 22nd, a false link to mint NFTs appeared on the Discord announcement channel, resulting in about 800 SOL being scammed, valued at approximately $150,000
  • 373 victims will receive compensation
  • All future announcements will only be made via Twitter

How to Prevent Discord Scams?

  1. Users: The handling of these two projects shows that they have chosen not to announce via Discord. Even though there are still fake accounts and hacked accounts on Twitter, it seems that double-checking messages on Twitter would be a good choice at this stage. In addition, there have been reports of users encountering fake team members in Discord private messages for scams, successfully stealing multiple NFTs. The lesson is to beware of community scams: do not easily run any files, do not send out any files, click on suspicious links, do not share screens.
  2. Operators: The Twitter account @SerpemntAU informed Monkey Kingdom that with just 11 lines of code, Discord groups can be protected from being hacked with phishing links; they also made instructional videos to allow operators to monitor phishing attempts.