TL; DR Breakdown
- Rare Bears suffers phishing attack
- The platform lost $800,000 to hackers in the attack
- Phishing attacks in discord are on the rise
Rare Bears, an NFT project that recently debuted in the non-fungible token sector, has been hacked. The hacker was said to have posted a link suspected to be phishing, thereby allowing him to wipe about $800,000 from its discord channel. A detailed review from Peckshield showed that the hacker stole a combined 179 NFTs from the platform. Asides from the Rare Bears NFT, he was able to get his hands on others, including Azuki and some LAND tokens.
Rare Bears suffers $800,000 loss
In a detailed analysis, the hacker was said to have sold all the NFTs, recouping cash worth around $795,000 from the sales. After the sale, the hacker obfuscated funds through the known mixer, Tornado Cash. Asides from this hack, there have been others that have happened in discord.
This shows how conscious teams and admins need to be regarding their accounts and who posts on their channels. Following the hack, Rare Bears has moved swiftly to hire a team that will carry out an audit to determine the full extent of the damage. The team would also look for loopholes and try to fix them.
Phishing attack in discord is on the rise
In the update that Rare Bears released, the hackers were said to have assumed control of one of the accounts belonging to the admin. Immediately after taking control, he posted the phishing link, urging unsuspecting channel members to leverage the opportunity to win new mints that would be worth much in the future. Although the link appeared to look original because it came from an admin account, the members rushed to participate in the giveaway.
The update also said that other admins could not warn members as the hacker had removed or revoked access of most of them before posting the link. He did this by adding a bot that locked admin accounts. However, after a bit of tussle, Rare Bears eventually wrestled control from the hacker, but the deed had already been done by then.
The security audit firm has warned users to be vigilant about links that appear too true to believe. The firm urged members to watch out for basic signs like groups being locked to post a link or if a link appears on discord but not on other social media channels. Asides from this, a previous attack of this nature occurred In November, where hackers made away with $1.3 million in NFTs. Beeple’s discord group also suffered the same fate in another attack late last year via phishing links.