Cost: Still too early to quantify. Several Discord servers were taken over by hackers who used bots to scam users. The damage caused to crypto and NFT owners can be irreversible.
Date: At least since the beginning of May 2022.
Industry affected: Financial/crypto
Threat Type: Phishing attacks and bots
What is it?
Phishing happens when an attacker sends a fraudulent message to trick a person into sharing sensitive information with the attacker, as well as to deploy malware on the victim’s device.
A bot is a script designed to act with agency or simulate human behavior. In this case, bots were used to send phishing messages to Discord members.
Long story short, what happened?
Discord was created as a chat app for gamers but became the most well-known platform for crypto projects. Today, many NFT collections, such as the Bored Ape, use it as “their home”, with thousands of members on the platform’s servers.
Unlike traditional financial communications, which take place over protocols like Bloomberg Terminal or SWIFT, the crypto world mostly uses Discord. The problem is that the chats are not encrypted and histories are available to whoever joins a channel, making impersonation scams very common.
Because Discord servers use bots to reach a large number of users at once, the platform’s security is continuously at risk. Recently, hackers took control of servers, taking over the administrators’ bots that are used to communicate with members, and began posting fake messages, tricking these members into giving up their cryptocurrency or NFTs.
Note that crypto hacks can be executed very quickly: one wrong link is enough to irreversibly swipe someone’s possessions. Hijacking a Discord server and controlling its bots has therefore become an efficient way to defraud a large number of people at once.
Why should you care?
Attacks like this have become increasingly common, not only in crypto but in the financial world in general. Because they can target a large number of people at once while impersonating “human behavior”, bots have been used for several criminal operations and all sorts of fraud. These include account takeovers, user hijacking, card fraud, cart abandonment, and many more.