TL;DR Breakdown
- NFT scams are making the rounds on Discord using the “Log in with QR code” option
- This is coming after a recent massive Discord compromise that affected BAYC
- Market participants give tips on how to avoid NFT scams.
Non-Fungible Token (NFT) scams have been evolving in sophistication and impact. A new NFT scam format is now making the rounds via Discord, a popular free voice, video, and text chat app.
NFT scams take a new twist on Discord
According to Serpent, a pseudonymous crypto enthusiast and Discord security expert, malicious actors have been conducting NFT scams using QR codes.
Explaining the mechanics of the scam on Twitter, he said that malicious actors reach out to users in the guise of offering NFT promotion jobs or collaboration opportunities. When users show interest, they are directed to verify their identity using a Discord verification bot called Wick.
However, the catch is that the bot has been compromised. The page users are directed to for the verification is instead Discord’s “Log in with QR code” page. The scammers use Chrome drivers to open the page, get the QR code, then send it to the Discord bot, Serpent said.
The QR code, when scanned, will log in the scammers to the victim’s Discord account and immediately grab the victim’s Discord token, he added. While it doesn’t give direct access to a user’s NFT wallet, the scammer can monitor and hijack the victim’s NFT activities on Discord.
Other disingenuous NFT scam formats have also been used on Discord. In one of the most recent high-profile NFT hacks, the official Discord channel of the Bored Ape Yacht Club (BAYC) was revealed to have been compromised.
The BAYC team directed users not to mint or accept any offers on the server till further notice. It disclosed that a webhook was briefly compromised. The hackers sent out a malicious link that, when clicked, stole the users’ NFTs and other wallet information.
“Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately… Other Discords are also being attacked right now,” the team said in a tweet.
Despite the swift actions taken, the hackers were still able to steal a Mutant Ape Yacht Club (MAYC) NFT worth around $69,000.
Aside from NFT scams, the broader crypto industry is also battling many exploit cases. So far, in 2022, over $1.2 billion worth of crypto has been stolen by hackers using different methods.
The Axie Infinity Ronin network hack last month, which saw hackers steal around $635 million worth of tokens, is now chalked up as the biggest crypto hack in history.
How to avoid getting scammed in the NFT space
With the endemic spate of NFT scams in the crypto space, users are implored to be constantly vigilant. Community members are also advised to be wary of strange emails, links, webpages, QR codes, and messages.
Experts advise that any payment that also asks for sensitive information should not be initiated in the first place. Serpent noted that users who discover that their Discord accounts have been compromised could reset their password, which will also reset their token and keep out the hackers.