Scammers have deceived Discord NFT buyers on Fractal, a new marketplace for NFTs, and stolen $150,000 worth of their cryptocurrencies.
The scammers sent a message through the official Discord channel of Fractal, a new marketplace for game-item NFTs.
The message, posted on the official Discord channel, contained a link offering fraudulently discounted rates.
Unknown to buyers, the link was a scam to steal crypto.
Many unsuspecting NFT buyers followed the link and connected their crypto wallets, expecting to receive an NFT.
However, they got the shock of their lives when they woke up on Tuesday to discover their crypto accounts empty.
The scammers transferred the victims’ holdings of Solana (SOL) cryptocurrency to their own account.
Tim Cotten, founder of another NFT gaming project, posted an analysis estimating the value of the stolen SOL at $150,000.
Twitch co-founder Justin Kan founded Fractal as a startup project specializing in the buying and selling of NFTs representing in-game assets.
The startup launched in December 2021 and quickly gained over 100,000 users through Discord.
Kan took to Twitter to inform followers that the platform had been hacked.
A tweet from the main Fractal Twitter account also confirmed the hack.
“The announcements bot on our @fractalwagmi discord was hacked. Do not go to any url and connect your wallet / mint anything. — Justin Kan ❄️ (@justinkan) December 21, 2021”
Buyers fell victim because they hoped to buy (mint) NFTs.
The term "minting" refers to buying NFTs when they are first created by a given project.
People mint NFTs to avoid buying them later on the secondary market, which is more expensive.
Examples of NFT projects is Discord.
The scam was also aided, though unintentionally, by an earlier post from Discord announcing an upcoming airdrop.
In the NFT ecosystem, an airdrop is a process in which a crypto project distributes a number of tokens, usually to users who are early adopters.
Demand for token mints and airdrops is very high.
As a result, buyers compete to mint tokens and claim airdrops quickly when projects announce them.
The hacker cashed in on this urgency to deceive buyers before anyone could discover the fraud.
Note that the cryptography which cryptocurrencies and NFTs run on is highly secure.
It is unhackable.
However, the vast network of websites, projects and applications that deal in cryptos and NFTs, which make up the broader crypto ecosystem, is prone to attacks.
The Fractal account suggested that the fraudulent message had been posted to Discord via a webhook.
“Webhooks are a feature of web application design that lets an application listen for a message sent to a particular URL and trigger an event in response — for example, posting to a certain Discord channel.”
“If a webhook is not secured with additional authentication measures, effectively anyone with the URL is able to post to the channel. It is not clear what, if any, precautions were taken by the team behind Fractal to prevent this from happening.”
“In the wake of the hack, a blog post from Fractal announced that victims who had lost money would be fully compensated. While apologizing briefly, the blog post also appeared to put some of the onus for security onto followers of the project, saying:”
“If something doesn’t feel right in crypto, please don’t proceed, even if at first it looks legitimate. We must use our best judgement as there’s no ‘undo button’ in crypto.”
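One way to add the "additional authentication measures" mentioned in the webhook passage above is to keep the webhook URL inside a relay that forwards an announcement only if it carries a valid, fresh HMAC signature and links only to allowlisted hosts. This is an added example, not code from Fractal or Discord; the signing key, the allowlisted host and the 300-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import time
from typing import Optional, Tuple
from urllib.parse import urlparse

# Assumed values for this sketch; none of them come from the article.
SIGNING_KEY = b"constructed-demo-key"      # shared only by publisher and relay
ALLOWED_LINK_HOSTS = {"example.org"}       # the project's own domains
MAX_SKEW_SECONDS = 300                     # reject replays of old announcements

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def sign(body: bytes, timestamp: int, key: bytes = SIGNING_KEY) -> str:
    """Signature the legitimate publisher attaches to each announcement."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_announcement(body: bytes, timestamp: int, signature: str,
                       now: Optional[int] = None) -> Tuple[bool, str]:
    """Decide whether the relay may forward `body` to the channel webhook."""
    now = int(time.time()) if now is None else now
    expected = sign(body, timestamp).encode()
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected, signature.encode("utf-8", "replace")):
        return False, "bad signature"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    # Even a validly signed post may only link to the project's own hosts.
    for url in URL_RE.findall(body.decode("utf-8", "replace")):
        host = (urlparse(url).hostname or "").lower()
        if host not in ALLOWED_LINK_HOSTS:
            return False, "link host not allowlisted: " + host
    return True, "ok"


if __name__ == "__main__":
    ts = int(time.time())
    # Constructed sample announcements.
    genuine = b"Mint schedule is posted at https://example.org/mint"
    forged = b"Surprise mint! Connect your wallet: https://example-mint.test/claim"
    print(check_announcement(genuine, ts, sign(genuine, ts)))
    print(check_announcement(forged, ts, "0" * 64))
```

With this relay in front of the channel, knowing or guessing an endpoint is no longer enough to post, and a signed message that points outside the allowlist is still held back.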