More and more NFT hacks via Discord: Now also founders of "Blockchain City" affected

• Within a single day, the hacker stole 29.67 ETH from the community via webhook

• CityDAO is not the first victim of hacking: Fractal and Monkey Kingdom were also attacked within a month

• Vulnerability: According to Discord, it is working on closing the security gaps

On January 10th of this year, the crypto community CityDAO fell victim to a hacker attack. On Twitter, the “Blockchain City”, which was only founded in July 2021, warned its members against making transactions:

advertising

Use volatile market phases as a trading opportunity: trade cryptocurrencies directly with leverage now.

act now

77% of retail investor accounts lose money when trading CFDs with this provider. You should carefully consider whether you can afford to take the high risk of losing your money

However, it was already too late: According to the VICE information platform, the hacker was able to steal a total of 29.67 ETH (worth $100,000 at the time of the hack) within just one day, most of it in the first hour. In the following days he was still able to collect and hide ETH.

The hacker’s modus operandi: a webhook attack via Discord

The hack was implemented by Discord user Lyons800, who is apparently the moderator of the CityDAO Discord channel and co-founder of “Blockchain City”. Lyons800 confirmed this via Twitter and, like the user Little Lemon Friends linked by CityDAO on Twitter, explained how the attack on him and, as a result, the entire CityDAO community could be carried out.

First, the hacker chose a member (Lyons800) of the CityDAO Discord channel and then joined a second channel of which Lyons800 is also a member. The hacker got this other channel to block Lyons800 by providing false information, after which he got in touch with Lyons800 under the pretext of lifting the block. In a joint call, he asked his victim to share his screen and open an “inspection element” with ctrl+shift+i. Through this element, he apparently gained access to the entire Discord account of the CityDAO founder and was able to send a false announcement about purchase opportunities to the other members of the community as part of a so-called webhook attack.

CityDAO is not the first victim: Discord appears to be a weakness of the NFT communities

This is the third major hack via Discord within a month: On December 21 last year, the platforms Fractal (the equivalent of a loss of around 150,000 US dollars, but according to the company those affected should have their money refunded) and Monkey Kingdom attacked by hackers. According to The Verge, members of the Monkey Kingdom community were stolen in total around 1.3 million US dollars. According to VICE, a 17-year-old hacker stole a total of 88 ETH from members of the CreatureToadz community via Discord back in October.

Peter Day, Senior Manager of Corporate Communications at Discord, was quoted by The Verge as saying on the issue in early January: “Discord takes the security of all users and communities very seriously, which includes such social engineering attacks. Although there are already clear controls are in place, we will continue to work to make these attacks more difficult and will continue to invest in education and tools to protect our users.”

Olga Rogler / Editor finanzen.net

Featured leveraged products on DiscordWith knock-outs, speculative investors can participate disproportionately in price movements. Simply select the desired lever and we will show you suitable products on Discord

Leverage must be between 2 and 20

No data

Image sources: Phongphan / Shutterstock.com, wael alreweie / Shutterstock.com



ttn-28

Bir yanıt yazın