Discord communities centered around cryptocurrency have been targeted in recent weeks by hackers running malicious Javascript code disguised as a browser bookmark. The attack works by adding a piece of code onto a user’s browser by dragging a component from a fake website to the browser’s bookmarks. Victims are approached through false interview requests from individuals claiming to be reporters from crypto-focused news sites. If taken in by the ruse, users are directed to a fake Discord server, where they are tricked into providing validation for their identity, enabling the attacker to obtain their Discord token and then post announcements of fraudulent airdrops, NFT minting opportunities, or other fake money-making proposals in the Discord users’ communities.
Unsuspecting users who follow the link and connect to a scammer’s site are then asked for unlimited spend approvals on their crypto wallets, thereby draining the balance of any valuable accounts. Anyone who comments on the fraudulent activity is then banned from the Discord channel, appearing to all members that the scammer’s post is legitimate.
Ocean Protocol, self-described as an “open-source protocol that aims to allow businesses and individuals to exchange and monetize data and data-based services,” was one such discord community targeted by hackers. In this instance, attackers used a CAPTCHA bot that allowed them to access Discord cookies and download the administrator’s token, despite her having multi-factor authentication enabled. The token worked for the attacker until the administrator logged out and changed her credentials.
Aura Network and Nahmii, two other crypto groups whose servers were allegedly breached by the same method, have all emphasized on respective Twitter posts that their community members did not fall prey to the malicious attack. However, MetrixCoin, another community based in the US, reported on May 9th that its Discord server was hacked, resulting in fraudulent airdrop messages being sent out to users.
Sources have described these attacks as a new and particularly insidious form of phishing that is still relatively rare, but it’s worth noting that it affects not only low-grade Discord servers but also more established cryptocurrency groups. The use of click-and-drag malware that relies on bookmarks highlights the need for users to be extra vigilant of such spurious links on all websites that they visit.
Awareness of these attacks is also particularly important for crypto-focused users, as a successful attack could result in a loss of significant amounts of money, and damage to reputations. Extra security measures should be considered, such as browser extensions and 2-factor authentication, though this likely wouldn’t deter dedicated hackers.
In conclusion, the attack on the Discord crypto communities highlights an ever-evolving threat from phishing and malware that specifically targets cryptocurrency holders and investors. Awareness of such attacks and extra vigilance on clicking links should be heeded, and more robust security measures employed by relevant businesses who host these Discord servers.