Thursday, August 18, 2022

Scammers steal $150K worth of crypto from NFT project with Discord hack

Customers hoping to get a limited-edition NFT from Fractal, a brand new market for sport merchandise NFTs, have been surprised on Tuesday when it was revealed that a link sent through the project’s official Discord channel, was a scam set up to steal crypto.

Users who followed the link and connected their crypto wallets, expecting to receive an NFT, instead found that their holdings of Solana (SOL) cryptocurrency were emptied and transferred to the scammer’s account.

As such, an analysis posted on Medium by Tim Cotten, founder of another NFT gaming project, estimated the value of SOL stolen to be around $150,000.

It is worth mentioning that Fractal is a startup project from Twitch co-founder Justin Kan specializing in the buying and selling of NFTs representing in-game assets. It was announced earlier in December and quickly amassed a following of more than 100,000 users through Discord — making it a target for the kind of scammers that have plagued NFT projects since the beginning.

In parallel, the attack took advantage of users hoping to mint NFTs, the term given to buying tokens at the moment when they are first created by a given project, rather than buying them on the secondary market at a later date.

Within the wake of the hack, a blog post from Fractal highlighted that sufferers who had misplaced cash can be absolutely compensated. Whilst apologizing in brief, the weblog submit additionally looked as if it would put one of the onus for safety onto fans of the challenge, announcing:

“If one thing doesn’t really feel proper in crypto, please don’t continue, despite the fact that in the beginning it seems reputable. We should use our highest judgement as there’s no ‘undo button’ in crypto,” it noted.

Though the post from the Discord bot was fake, Fractal’s posted a tweet just hours earlier hinting at an upcoming airdrop: a process where a crypto project distributes a number of tokens, usually to users who are early adopters. Since demand for token mints and airdrops is often very high, the pressure for users to move fast when snap announcements are made creates an attack vector that scammers are all too happy to exploit.