{"id":417872,"date":"2022-03-18T08:21:05","date_gmt":"2022-03-18T05:21:05","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/rare-bears-discord-phishing-attack-nabs-800k-in-nfts\/"},"modified":"2022-03-18T08:21:05","modified_gmt":"2022-03-18T05:21:05","slug":"rare-bears-discord-phishing-attack-nabs-800k-in-nfts","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/rare-bears-discord-phishing-attack-nabs-800k-in-nfts\/","title":{"rendered":"# Rare Bears Discord phishing attack nabs $800K in NFTs"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Rare_Bears_Discord_phishing_attack_nabs_800K_in_NFTs_%E2%80%9C\"><\/span>Rare Bears Discord phishing attack nabs $800K in NFTs<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDMvOTc0NGYxN2EtY2Y1ZS00ZTlhLTg1MjctODgyOGFlMGM3ZmJkLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project&#8217;s Discord channel, stealing nearly $800,000 in NFTs.<\/p>\n<p>Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1504340385673654273\">179<\/a> NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a \u201cmfer\u201d from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse.<\/p>\n<p>According to on-chain <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/address\/0x67542f6e4ea651f4c72ab24abf2eb9c2c202fce1#analytics\">analysis<\/a>, most of the NFTs were sold, netting the hacker 286 ETH, 
worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer used to obfuscate the source of funds.<\/p>\n<p>A slate of similar phishing scams has occurred in recent months on Discord, suggesting some teams need to more carefully consider the security on admin accounts. Earlier today, the Rare Bears team posted that they had hired security consultant and auditor \u201cPandez\u201d for a full security audit of its Discord.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_the_attack_happened\"><\/span>How the attack happened<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>According to an <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BearsRare\/status\/1504651613910466561\">update<\/a> posted by the Rare Bears team, the hacker gained access to the account of a Rare Bears Discord moderator known as \u201cZhodan\u201d, posting an announcement within the group&#8217;s channel that a new mint of NFTs was taking place.<\/p>\n<p>It was a fake of course \u2014 a phishing link designed to steal funds from a user&#8217;s wallet.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"> Warning <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BearsRare?ref_src=twsrc%5Etfw\">@BearsRare<\/a><br \/> Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak <\/p>\n<p>\u2014 Rare Bears (@BearsRare) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BearsRare\/status\/1504293859467350019?ref_src=twsrc%5Etfw\">March 17, 2022<\/a><\/p><\/blockquote>\n<p>The update from the security audit found that the head of the project\u2019s Discord account was compromised. 
The attacker, using the compromised account, then banned other members, or removed their roles from the server, thereby removing their ability to delete the posted phishing link.<\/p>\n<p>The attacker then invited a bot which locked all channels on the server, removing the ability for others to publicly communicate that the posts and links were fake.<\/p>\n<p>Rare Bears said the team was able to regain control of the server, removing the compromised account and transferring ownership to a new one, and that the server is secure from another attack.<\/p>\n<p>Speaking to Cointelegraph, security consultant Pandez said that users should look out for a few key signs that could mean a message is a scam.<\/p>\n<p>\u201cAlmost no serious project will ever do a stealth mint,\u201d Pandez said, \u201cnever click any links which appear like this.\u201d<\/p>\n<p>Pandez said other red flags are if channels are locked during a \u201cdrop\u201d of a new NFT collection, if the link differs to those shared on Twitter or other official sources for the project, and if the link is continuously posted in the channel.<\/p>\n<p>Past attacks of a similar nature have happened on Discord. In December, Solana NFT project Monkey Kingdom announced that hackers made off with $1.3 million of the community&#8217;s crypto funds after a security breach. 
Attackers there also posted a phishing link which drained users\u2019 wallets.<\/p>\n<p>Last November, members of the Discord of popular NFT artist Beeple were also scammed, with attackers gaining access to a moderator\u2019s account to post a phishing link, similarly draining user funds.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/rare-bears-discord-phishing-attack-nabs-800k-in-nfts\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Rare Bears Discord phishing attack nabs $800K in NFTs &#8220; Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project&#8217;s 
Discord channel, stealing nearly $800,000 in NFTs. Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":417873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDMvOTc0NGYxN2EtY2Y1ZS00ZTlhLTg1MjctODgyOGFlMGM3ZmJkLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74882,95118,71006,70944,75134,71101,72287],"class_list":["post-417872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-hacks","tag-nft","tag-fraud","tag-hackers","tag-phishing","tag-scams","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/417872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=417872"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/417872\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/417873"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=417872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=417872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=417872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{
rel}","templated":true}]}}