Two Web3 security firms have issued reports focused on the recent spate of hacks targeting NFT projects, likely by an interconnected group of hackers using compromised Discord server administrator accounts.
According to a recent analysis by TRM Labs, cyber attacks against NFT collections have steadily increased in 2022, costing the NFT community over $22 million in May alone. NFTs are blockchain-based tokens that show ownership over digital or physical assets.
In the report, TRM Labs – which specializes in digital asset compliance and risk management – says that cyber attacks related to NFT coin scams deployed through compromised Discord accounts increased by 55% in June 2022 compared to the previous month.
“Since 2022, we’ve seen these compromises happen on a large scale, especially on Discord,” TRM Labs researcher Monika Laird said Decrypt in an interview.
TRM Labs says it has received over 100 reports of Discord channel hacks in the past two months through its Chainabuse reporting platform. Laird says the attacks occur weekly and often target ERC-721 tokens, which is a token standard on the Ethereum blockchain for non-fungible tokens.
On the chain side, she said, the relationship between the common consolidation points (exchanges, mixers) and wallets suggests that the same actors are driving the bulk of these attacks.
Yuga Labs, the company behind NFT status symbol Bored Apes Yacht Club, said on Twitter last week: “Our security team has tracked a persistent threat group targeting the NFT community. We believe they may soon launch a coordinated attack targeting multiple communities via compromised social media accounts. Stay alert and stay safe.”
TRM Labs says on-chain data suggests many of the Discord compromises are linked to the same hacker that targeted Bored Ape Yacht Club in June. According to the firm, other targeted projects include Bubbleworld, Parallel, Lacoste, Tasties, Anata and more.
As Laird explained, there have been over 150 compromises since May targeting an admin role within a larger NFT project channel. Once the hackers control the admin account, they send out links to promotional gifts and “exclusive” NFTs that push people to jump into these malicious sites by creating a false sense of urgency.
“Discord itself doesn’t necessarily have a weakness, but it just makes it a very targeted environment,” says Chris Janczewski, head of global research at TRM Labs. “If you’re looking for people who own NFTs, you go to a place where they’re all connected and you have a point to be able to make [contact] with them.”
While cyberattacks targeting Discord have been successful, Laird pointed out that hackers also compromised Twitter and Instagram accounts in recent months.
TRM Labs says that the speed at which the attacks are occurring, and the fact that they are occurring across multiple blockchains, suggests that they may be separate attacks by rival cybercriminals conducting fraud at the same time using tools delivered as a “Scam-as- a-Service,” turnkey, pay-as-you-go services to launch attacks.
In a separate report that will be published on Thursday and previewed by Decryptblockchain security firm Halborn has also seen an increase in threats targeting crypto, separately pointing to the North Korean Lazarus Group, which the US Treasury Department claims orchestrated the $622 million hack of the Axie Infinity Ronin Network.
But unlike TRM Labs, Halborn sees the threat as coming from China.
“Our analysis indicates that this attack came from a Chinese group targeting high-value individuals,” said Alpcan Onaran, an offensive security engineer at Halborn. Decryptt via Telegram. “We expect a logarithmic increase in advanced persistent attack (APT) activity and also expect to see various adversaries targeting Web 3.0 companies and individuals.”
Onaran says that in Web3, security should be considered in all aspects, both technical and non-technical, to defend against these new threats.
“There is a saying that there are no such things as new crimes [or] new fraud; it’s the old ones repackaged,” says Janczewski. “So it makes perfect sense that all that kind of spearfishing, FOMO, getting people to do things irrationally very quickly, has swung into the new area, which is NFTs .”
Stay up to date on crypto news, get daily updates in your inbox.
