The non-fungible token (NFT) account of the moderator was exposed in the attack by posting a phishing link that empty the user funds.
Rare Bears which is a newly launched non-fungible token project was hacked when a phishing link was posted by a hacker who manage to steal around $800,000 value NFTs from its Discord channel.
Peckshield which is a blockchain security company analytics shows that the hacker managed to steal 179 NFTs from different collections such as Azuki, 6 LAND tokens which are utilized in The Sandbox metaverse, CloneX, and “mfer” of sartoshi, and also including Rare Bears tokens.
Most of the NFTs were immediately sold by the hacker earning him around 286 ETH, which valued over $795,500 and most of it instantly go through a crypto mixer Tornado Cash which is used to conceal the funds source.
On the Discord channel, a similar type of phishing scams took place in the past months which suggests the admin account security needs to be considered more cautiously by some of its teams. Today the Rare Bears team post stated that for the security audit of Discord they hired the auditor and security consultant from Pandez.
According to Rare Bears posted an update, the Discord moderator which is known as Zhodan was accessed by a hacker, who posted a fake announcement within its group’s channel regarding the new NFT’s mint is taking place with a phishing link placed to steal the user’s funds.
The security audit report update found that the Discord head of the program account was hacked. The hacked account was used by the hacker who removed the roles and banned the other members from the server erasing their capability of deleting the phishing link which was posted.
After that, the hacker invited the social media bot by locking all the channels on the server and also removing others’ capability of communicating publicly about the fake links and posts.
The Rare Bears Discord team stated that they were able to retrieve the control of the server, removed the hacked account, and transferred its ownership and now the server is secured from any further attacks.