The DeFi business faces a growing danger from hackers. Every day, we see a number of protocols get hacked, phished, and compromised. Furthermore, the prominent hackers that continue to harm projects in the cryptocurrency industry have not spared Non Fungible Tokens (NFTs). While these attacks have resulted in huge losses for the DeFi and NFT industries, these figures pale in comparison to the cryptocurrency market’s rapid expansion. Cryptocurrencies continue to be a heated topic in various circles. This is owing to the fact that they pose a danger to the overall market. Everything comes crashing down in some circumstances, such as LUNA/UST.
Let’s look into some of the highlights that happened this week:
Axie Infinity Discord Server phished
On 18th May 2022, Axie Infinity announced on Twitter that their discord server faced a phishing attack.
The attacker used the Axie Infinity Discord server’s Mee6 bot to post a fraudulent mint link in the announcement channel. Mee6 bot is used by 18+ million servers in discord. Mee6 bots have various features including:
- Send a welcome message to inform newcomers about the server’s rules, topics, or ongoing events.
- Through Mee6, the server admin can generate commands that automatically give and remove roles and send messages in the current channels or in the user’s DM.
- Mee6 is used to notify the server when content creators begin to stream, upload, and post content.
- By the use of Mee6, the server admin can give the community the option to be pinged for new announcements, access to other parts of your Discord server, or just to identify themselves, by clicking chosen servers emoji.
- Mee6 also has a leveling and XP feature to identify and reward the most active members of the community.
Some believe the hackers first acquired access to the administrator accounts. MEE6 was then utilized to gain access to another administrator account. They were able to send webbook messages while hiding a compromised administrator account by hacking the Mee6 Bot.
Seth Green’s NFT was exploited.
Seth Green is a popular actor who has starred in movies like Rat Race, The Italian Job, Can’t Hardly Wait, Without a Paddle, and as a child in the horror film Stephen King’s It. On 17th May 2022, he announced that he had been a victim of a phishing attack.
Four of his valuable NFTs were stolen. These include a Bored Ape Yacht Club NFT (worth approx $200,000), two Mutant Ape Yacht Club NFTs ($40,000 each), and a Doodles NFT ($28,000). All up, he lost around $308,000 worth of NFTs after connecting his wallet to a dodgy site.
As explained by Seth, he was trying to buy a Gutter Clone NFT and connected his wallet to the site, which ended up being a scam website. “Phishing link looked clean,” he said.
Feminist Metaverse token exploited for $533,000
On 18th May 2022, FM announced that they are under attack by a scammer.
Feminist Metaverse aims to greatly reduce the impacts on women’s normal work and inequality in wages brought by their physiological differences and pregnancy through Metaverse. According to FM’s whitepaper, “Building a feminist metaverse economic entity will increase women’s income, promote women’s status, safeguard gender equality, and enable the disadvantaged groups to participate in the global economy.”
FM run son BNB chain. The attack was considered to be a flash loan attack and it drained a total of 1838 BNB or $540,000.
CoinGecko and Etherscan reported a security breach
One should always take care of what signatures are they signing to avoid scams like this.
It is recommended that you do not install a wallet browser extension on your computer. Also, if you need to utilize a browser wallet, consider adding OpenSnitch. Little Snitch, a macOS application-level firewall, provides the foundation for OpenSnitch. All outgoing connections are tracked, and the user is notified when one is established. This enables the user to identify and stop any potentially harmful connections. Block all inbound and outbound traffic, then create a whitelist of the bitcoin exchanges you use.
DeFi & NFT hacks have been so prominent nowadays. We see protocols, projects, individuals, and marketplaces getting hacked every single day. While Blockchain & cryptocurrency space is still maturing, security is an important aspect to be looked upon. While as a user we cannot do anything about a protocol being hacked, on an individual level we can practice a few steps to avoid ourselves scams. For example:
- Never share your OTP, Seed phrase, and 2FA code with ANYONE.
- Always protect your personal information. Refrain from posting your personal details anywhere on social media.
- ALWAYS use a cold or Hardware wallet to store your immense amount of digital valuables.
- Double-check the website you are visiting and connecting your wallet to.
- Install a firewall if possible to avoid scams on your browser wallet.
- Avoid clicking every link that is posted on the Discord server.
In line with this, many users lack knowledge of the crypto industry because they have not taken the time to understand the ins and outs of the cryptocurrency industry. Before you get into any of DeFi or NFT or Metaverse projects, always do your own research. Don’t get into something because someone asked you to. Protecting your funds is in your hands.
- Crypto News BlockMagnates: Photo by AbsolutVision on Unsplash