Animoca Brands and subsidiary Blowfish Studios have confirmed they will repay 265 ETH ($1.1 million) that were stolen in a fraudulent NFT sale on Discord.
The fraudulent minting event took place on November 19th at about 3 AM AEDT on the Phantom Galaxies Discord server. In three hours, 1,571 fake minting transactions were recorded.
Phantom Galaxies represents an upcoming Australian game that Blowfish Studios is developing. The Phantom Galaxies Discord server already has 94,000 members.
Hackers seem to have gotten control of the Official Phantom Galaxies server thanks to a malware bot that was able to compromise the Admin account’s two-factor authentication. After gaining control of the Discord server, the hackers went on to ban all staff, advisors, and community moderator accounts. This type of hacking seems to be more and more common on Discord.
The group of hackers then posted announcements which claimed that the game was releasing a surprise “stealth” NFT minting event and directed users to a fraudulent “Phantom Galaxies NFT minting platform,” which asked for a 0.1 ETH “minting fee.”
Yat Siu, the chairman of Animoca Brands, tweeted about the fraudulent NFT drop at about 4 AM AEDT. An hour and a half later he tweeted again, confirming that those affected will be “appropriately compensated.”
A California-based project manager for an upcoming NFT project, Terra Obscura, known as Woodz, lost $1,000 to this scheme.
“As I was doing it, it seemed a bit off. The gas was unusually low and the contract looked different. I knew something was wrong but not sure what.”
Woodz said that they don’t have the habit of “just click[ing] links,” but that the method used here made it easy to fall for.
Exactly two weeks ago, a similar attack took part, one that involved Beeple, the famous NFT artist. People were led to believe that they were simply joining a highly affordable NFT drop that was happening at the same time as the Christie’s auction.
Following this, Beeple has decided to remove links from his Twitter account that directed users to Discord, while other links to the server seem to no longer work.
RiskIQ, a cyber security company, revealed that Discord is now a hot spot for cybercriminals. The company found 27 unique malware types that were hosted on the CDN servers of Discord.
But this was known for quite some time, as in April, Talos Intelligence, stated:
“Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organizational defenses.”