6

A Hacker Is Negotiating With Victims on the Blockchain After $1.4M Heist

 2 years ago
source link: https://www.vice.com/en/article/akv7aa/a-hacker-is-negotiating-with-victims-on-the-blockchain-after-dollar14m-heist
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Wave of Discord Hacks Is Making the Crypto Crash More Painful for Investors

Dozens of hacks have targeted NFT project Discords in recent weeks amid a crypto crash that's only getting worse.
June 14, 2022, 3:56pm
discord-hacks-crypto
Image: Justin Paget/GettyImages

Virtually every cryptocurrency has been crashing for at least a month—and it keeps getting worse. This has led to major cryptocurrency companies Crypto.com, Gemini, and Coinbase to lay off between 5 percent, 10 percent, and 18 percent of their staff, respectively. But there is one group that’s still thriving in the crypto world: Discord hackers.

Advertisement

In the first two weeks of June alone, hackers have compromised dozens of  Discord servers, seven of which occurred just in the last three days. One blockchain analyst tallied 41 hacks occurring between June 1-10, and the popular “Web 3 is going just great” project—which chronicles hacks, scams, lawsuits and other bad news in the world of crypto—counted several more recent breaches. (Motherboard confirmed a sample of 24 of these hacks.)

Among the hacked Discords were popular NFT projects like the Bored Ape Yacht Club, Mars Cats Voyage, Known Origin, and Homeless Friends. 

Even as cryptocurrencies crash and the money going around the whole ecosystem is slowing down, there’s still some to steal, which explains why hackers haven’t stopped during the so-called “crypto winter.” Targeting Discord servers and channels is also a great way  for hackers to simultaneously target thousands of people who hold cryptocurrencies and NFTs. 

Advertisement

Usually, hackers take over the accounts of administrators and post an announcement with a malicious link, or use the admin’s account to push out similar announcements using the bots that the admins have control of. In both cases, from the perspective of the users, these are messages coming from people or bots that are part of the daily routine of the Discord server, which makes them trustworthy. And that’s why they are so successful.

Hackers can also target multiple servers at the same time by compromising bots that are used by several crypto projects. In May, during another string of hacks targeting NFT projects’ Discord servers, hackers were able to hit multiple projects at the same time by taking control of the Discord bot MEE6, a tool that helps Discord server owners automate welcome messages, announcements, and other events.

At the time, the MEE6 Twitter account said that the root cause of the hacks was that one of its employees was hacked. 

Do you have information about hacking groups targeting Discord servers? Or do you know of other web3 and crypto hacks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected]

Advertisement

It’s unclear if the recent string of hacked Discord servers was also done by compromising a bot used by different projects or by targeting individual projects, or with a combination of both strategies.  

Discord did not immediately respond to a request for comment. 

Ultimately, as Motherboard reported at the end of May, these hacks are happening because Discord was never built for users and servers that required a high level of security. 

“[Discord] is not built with the idea of enshrining secure communications, it is not built with the idea of thorough privacy in mind. It is not built with the idea of very focused almost [Advanced Persistent Threat] level attackers. Some of these scam groups must have dozens or hundreds of employees in them,” Mitchell Amador, the CEO of blockchain security firm Immunefi, previously told Motherboard. “They're effectively corporations that are professional and dedicated to achieving these outcomes. And they are just ripping through Discord. It was never built to protect against such a dedicated attacker who is targeting such a vast swathe of accounts.” 

Subscribe to our podcast, CYBER. Subscribe to our new Twitch channel.

ORIGINAL REPORTING ON EVERYTHING THAT MATTERS IN YOUR INBOX.

Your Email:

By signing up, you agree to the Terms of Use and Privacy Policy & to receive electronic communications from Vice Media Group, which may include marketing promotions, advertisements and sponsored content.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK