New way to steal NFTs via Discord used by cybercriminals

At the end of 2021, the Non-Fungible Token (NFT) projects Monkey Kingdom and Fractal were hit by the same attack technique, in which the fraud was made possible by abusing the Discord servers associated with these projects.

According to the report published by The Verge, posts suddenly appeared in the official channels of these projects announcing rewards for some of their members, including a special edition NFT. Hundreds of users fell into the trap and rushed to click on the links, which led to the compromise of their Solana wallets, which both Monkey Kingdom and Fractal use to perform transactions.

Both projects notified their users at around the same time that their Discord servers had been compromised and that the special edition NFT was a simple fraud. In Fractal’s case, threat actors managed to steal a total of $1.3 million USD in cryptocurrency.

To be specific, the cybercriminals abused a Discord feature known as webhooks, which many apps use to listen for messages sent to a particular URL and trigger a response. After gaining access to webhooks associated with the Fractal and Monkey Kingdom servers, the cybercriminals were able to broadcast messages to all members of certain channels, a function intended for official communications from the main members of the project.

This is how the malicious content reached the rest of the members on the affected servers: the distribution method seemed legitimate enough that no one suspected it was a malicious campaign.
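The webhook abuse described above can be screened for on the moderation side. The following is an added example, not code from the article or from either project: it reviews Discord message objects using the `webhook_id`, `mention_everyone`, `content` and `embeds` fields, while the IDs, domains and allowlist policy are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed policy (constructed values): webhooks allowed per announcement
# channel, and the only domains official posts should ever link to.
APPROVED_WEBHOOKS = {"900000000000000001": {"111111111111111111"}}
TRUSTED_DOMAINS = {"example-project.test"}
URL_RE = re.compile(r"https?://[^\s<>()\]]+", re.IGNORECASE)

def link_hosts(message):
    """Collect hostnames of every link in the message text and its embeds."""
    texts = [message.get("content") or ""]
    for embed in message.get("embeds", []):
        texts += [embed.get("url") or "", embed.get("description") or ""]
    hosts = set()
    for text in texts:
        for url in URL_RE.findall(text):
            host = (urlparse(url.rstrip(".,!?")).hostname or "").lower()
            if host:
                hosts.add(host.rstrip("."))
    return hosts

def is_trusted(host):
    # Exact match or true subdomain only, so lookalike names do not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def review_message(message):
    """Return the reasons a webhook-posted message should be held for review."""
    webhook_id = message.get("webhook_id")
    if webhook_id is None:
        return []  # sent by a normal user or bot account, out of scope here
    reasons = []
    if webhook_id not in APPROVED_WEBHOOKS.get(message["channel_id"], set()):
        reasons.append("unapproved-webhook")
    # A leaked webhook URL still posts under an approved id, so links are
    # checked even when the webhook itself is on the allowlist.
    untrusted = sorted(h for h in link_hosts(message) if not is_trusted(h))
    if untrusted:
        reasons.append("untrusted-link:" + ",".join(untrusted))
        if message.get("mention_everyone"):
            reasons.append("mass-mention-with-link")
    return reasons

# Constructed sample messages (not taken from the incident).
SAMPLES = [
    {"id": "1", "channel_id": "900000000000000001", "webhook_id": "111111111111111111",
     "content": "Roadmap update: https://blog.example-project.test/roadmap"},
    {"id": "2", "channel_id": "900000000000000001", "webhook_id": "111111111111111111",
     "mention_everyone": True, "content": "Surprise mint! https://example-project-mint.test/claim"},
]
if __name__ == "__main__":
    for m in SAMPLES:
        print(m["id"], review_message(m))
```
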

The attackers knew they couldn’t focus on compromising the tokens or the blockchain technology itself, so they instead abused existing security flaws across the environment linked to these projects, including Discord’s chat rooms.

For cybersecurity specialists, this is a reminder of the weaknesses inherent in NFT trading, which, together with the unprecedented price drops in virtual assets, reveal important areas of opportunity for investors, developers and enthusiasts.
