Hacked NFT projects, $22 million in damage

An analysis concluded that the hacker targeted the Bored Ape Yacht Club and other NFT projects.

Two Web3 security companies have released reports focusing on the recent hacked NFT projects. This is probably due to a hacker’s connection group using the compromised Discord server administrator account.

According to a recent analysis by TRM Labs, cyberattacks on NFT collections steadily increased in 2022, causing more than $ 22 million in damage to the NFT community in May alone. NFTs are blockchain-based tokens that show ownership of digital or physical assets.

In a report, TRM Labs, which specializes in digital asset compliance and risk management, reported that cyberattacks related to NFT mining scams deployed through compromised Discord accounts were 55 in June 2022 compared to the previous month. It states that it has increased by%.

“Since 2022, we’ve seen these compromises happen on a large scale, especially on Discord,” TRM Labs investigator Monika Laird told Decrypt in an interview.

The NFT community has suffered more than 150 compromises targeting NFT projects' Discord servers since May 2022. A sampling… (1/2) pic.twitter.com/cEdPaV5mQI

— TRM Labs (@trmlabs) July 25, 2022

TRM Labs states that it has received over 100 reports of Discord channel hacking through the Chainabuse reporting platform in the last two months. According to Laird, attacks occur weekly and often target ERC-721 tokens. This is the Ethereum blockchain token standard for irreplaceable tokens.

On the on-chain side, she said, the relationship between common integration points (exchanges, mixers) and wallets suggests that the same actor is carrying out most of these attacks.

Our security team has been tracking a persistent threat group that targets the NFT community. We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe.

— Yuga Labs (@yugalabs) July 18, 2022

Yuga Labs, the company behind NFT status icon Bored Apes Yacht Club, said on Twitter last week: “Our security team has been tracking a persistent group of threats targeting the NFT community. We believe they may soon launch a coordinated attack targeting multiple communities through compromised social media accounts. Please be vigilant and stay safe. “

According to TRM Labs, data on the chain suggests that many of Discord’s breaches are related to the same hacker who targeted the Bored Ape Yacht Club in June. Other target projects, according to the company, include Bubbleworld, Parallel, Lacoste, Tasties and Anata, and more.

Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at discord@yugalabs.io.

— Bored Ape Yacht Club (@BoredApeYC) June 4, 2022

As Laird explained, since May there have been over 150 breaches targeting administrator roles within the larger NFT project channel. When a hacker controls an admin account, it sends a free gift or a link to an “exclusive” NFT mint, creating a false sense of urgency and prompting you to jump to these malicious websites.

“Discord itself isn’t necessarily weak, but it’s just a very targeted environment,” said Chris Janczewski, Global Research Director at TRM Labs. “If you’re looking for someone who owns an NFT, there’s a point where you can go to where they’re all hanging out and [contact] them.”

Although cyberattacks on Discord have been successful, Laird has pointed out that hackers have also compromised Twitter and Instagram accounts in recent months.

According to TRM Labs, the speed at which attacks occur and the fact that they occur on multiple blockchains are rivals performing simultaneous fraud using tools designed as “fraud as a service”. Suggests that it may be an individual attack by a cybercriminal. , Turnkey pay-as-you-go service for launching attacks.

In a separate report released on Thursday and previewed by Decrypt , blockchain security firm Halborn has also seen an increase in threats targeting cryptocurrencies, for North Korea’s Lazarus Group alone, which the U.S. Treasury Department claims orchestrated the $625 million hack of axie Infinity Ronin network.

While TRM Labs did not specify where the attacks came from, Halborn found the threat originated inside China.

“Our analysis indicates that this attack came from a group of Chinese targeting high-value individuals,” Alpcan Onaran, the security engineer who attacked Halborn, told Decryp via Telegram. We are expecting a logarithmic increase in advanced continuous attack (APT) activity and also expect to see different adversaries target Web 3.0 companies and individuals. “

Onaran says that in Web3, security needs to be considered in every aspect, both technical and non-technical, to protect against these new threats.

“There’s a saying that there’s no such thing as a new crime [or] new scam,” Janczewski said; there are old crimes repackaged.” So it makes perfect sense that all sorts of online scams, FOMO, which makes people do things irrationally very quickly, have pivoted to the new space, which is NFTs. “

>> See also: FTX review 2022: FTX sign up for beginners.