
NFT Discord Safety: How to Protect your Account and Assets from Hackers


Almost everyone has access to the internet nowadays, and many use it to stay in touch when they are apart, regardless of where they live. Millions of people use Discord, a platform where users can build servers for text and video calls with friends and strangers. Thousands of NFT and crypto fans also call Discord home.

These fans enjoy being a part of an exclusive group and interacting with a community. Discord used to be dominated primarily by gaming communities, other fun groups, and more than a few educational communities.

As non-fungible tokens (NFTs) become increasingly popular, Discord is used more frequently for NFT-related transactions. This growth has escalated the risk of hacking and cyberattacks on NFT Discord servers. These breaches may compromise the security of the servers and the private and financial data of their members.

The recent rise in these attacks

With the increased popularity of NFTs, there has also been a considerable increase in breaches of NFT Discord servers. Hackers have often used bots or moderator accounts on Discord servers to post links in different channels.

Unsuspecting members who click on these links end up losing funds. Such attacks have been used against important NFT projects like Boss Beauties and Snoop Dogg’s Rap Empire Discord server.

On Monday, NFT.news reported the latest in a series of breaches targeting NFT projects via their Discord servers, allegedly involving the NFT projects Frogs on $Cope and “Back We Go,” as well as Azuki, the company of a Cambridge-based group of software professionals.

Frogs on $Cope confirmed the hack on Twitter, alerting their followers and the broader public to the incident. They warned that the ongoing raffle being promoted was a phishing scheme, and that users who participated in it would probably lose all of their digital possessions.

On the same day, another Discord hack was reported on Twitter by Certik Alert, a pioneer in blockchain security that uses top-tier AI (Artificial Intelligence) tools to safeguard and oversee blockchain protocols and smart contracts. The company whose server was taken over was Azuki.

Even though NFTs may seem secure, it is well-known that attackers are constantly looking for new ways to steal digital or physical things. Although the NFT market is still in its early stages of development, its enormous popularity, high price tags, and quick expansion have created a new source of income for hackers. This is because tokens are already in play and circulation; they are not stationary.

NFT Discord security 101

Discord makes NFT communities easy to run. App users can create chat rooms, known as servers, that are accessible only through invite links. Each server can then be divided into ‘channels,’ discrete areas for open discussion of various subjects. Channels are available in text and audio formats, which makes them easier to use.

Discord hackers using the same methods

Many of the Discord hacks targeting NFT ventures, according to evaluations of on-chain and off-chain data done by TRM Labs, exhibit similar activity patterns. Hackers use a variety of methods to defraud Discord users, including:

  • Employing sophisticated social engineering techniques such as phishing and fake accounts that pose as administrators.
  • Taking advantage of weaknesses in bots, like those in the Mee6-bot, which administrators use to automatically assign and revoke roles and send messages to the public.
  • In some cases, changing administrator settings to prevent Discord moderators from interfering with their activities.

The hackers’ messages to users try to capitalize on the sense of urgency frequently connected with NFT-minting events, urging users to act immediately to avoid missing out on a free offer or a limited supply.

Tips on how to secure your NFTs on Discord Servers

Own your Discord Server

The first step for anyone who wishes to use Discord for NFTs is to make sure they are the administrator of the Discord server. If they did not create the server, they must ask its creator to transfer ownership to them. If something goes wrong, this lets them act appropriately. The owner should choose the people who are given access with the utmost care and only from among those they trust. These people will serve as moderators and should be available across all time zones.

AVOID clicking on any unknown links

NEVER CLICK ON ANY LINK SENT TO YOU FROM A WEBSITE OR A DOWNLOAD YOU DO NOT KNOW! Some webpages are built so that hackers can grab your IP address, install malware on your machine, and use it to steal money and non-fungible tokens.

After following the link, the target usually ends up on a fake NFT minting website, which presents a transaction that, if signed, would allow the attacker to steal all the money from the victim.

The most effective approach is to report the account to Discord as a scammer and then quickly block it. The names of the links should also be carefully scrutinized because they frequently contain errors.

Marketplaces such as OpenSea typically send separate emails when you receive an offer or make a purchase, and scammers pretend to be the marketplace itself in such emails, asking you to click on links or take other actions that could jeopardize the security of your assets. Therefore, it is important to double-check the email and contact the marketplace’s customer service team first if you see anything odd.

Turn on Two-Factor Authentication

This is a procedure in which, after you access your Discord account, it sends an email to your Gmail account with a code that must be entered to confirm that you are who you say you are. While visiting another website each time you want to log in may be inconvenient, without it hackers can access your account easily.

They would need to know your Discord password in addition to the username and password for your Gmail account, which is far too much for them to guess.

Never disclose your seed phrase to anyone

The best analogy for a seed phrase is the CVV code on a payment card. This phrase serves as the passphrase that unlocks all tokens kept in the user’s digital wallet, even if the hacker does not have any other information.

It is strongly advised to safeguard it just like a physical wallet containing a sizable amount of cash. As long as you keep your seed phrase safe and remember it, you can always access all tokens linked to that wallet and phrase.

The user should avoid sharing their screen

Hackers frequently use screen sharing or TeamViewer to steal people’s tokens. Even though people now often share their screens with others, whether for professional or personal purposes, a user who does so while discussing NFTs runs the risk of losing their assets.

Hackers can easily persuade users to reveal their secret recovery phrase, which could endanger their wallets or be used to take assets.

Avoid talking to strangers who DM you first

Discord has a function called Direct Message that lets you communicate with a single person without exposing your conversations to the rest of the server. However, hackers also exploit this as their primary means of attack.

The most typical scam involves someone DMing a user and then pressuring them to click a link or visit another server, where the attacker gains unrestricted access to the user’s account and all its sensitive data. To establish a strong defensive filter and stop this from happening, users should configure Discord so that only people they have designated as friends can send them Direct Messages.

Worst-case scenario: you have been hacked. What to do?

There are several things to do if the unthinkable happens and a user’s Discord server is infiltrated. The individual should pause and notify their Twitter community that their Discord server has been stolen. They then need to take back control of their server.

Most Discord hacks use ‘webhooks,’ with which the hacker in effect plants a remote control inside the victim’s server to take over and post a phony mint site in the victim’s channels. To delete webhooks, the user must go to server settings and locate the integrations option. There they should choose ‘webhooks’ and ‘delete all.’

To prevent intruders from establishing new webhooks, the user must choose the audit log option under server settings. Then, they should enter ‘create webhook’ to discover whose account was compromised and who is responsible for establishing the webhooks. After that, temporarily ban the offender. Now that the hacker has been removed, the user should devise a plan of action to assist individuals who have been scammed.
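The audit-log step above can also be done on an exported log instead of by eye. The following is an added example, not part of the original article: it takes data shaped like the response of Discord's `GET /guilds/{guild.id}/audit-logs` endpoint, keeps the webhook-creation entries (action type 50) and groups them by the account that created them. All IDs, names and the helper function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

WEBHOOK_CREATE = 50               # audit-log action type for webhook creation
DISCORD_EPOCH_MS = 1420070400000  # Discord IDs count milliseconds from 2015-01-01

def snowflake_time(snowflake):
    """Creation time encoded in the upper bits of a Discord ID."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def webhook_creators(audit_log, live_webhook_ids):
    """Map user_id -> webhooks that account created, marking those still installed."""
    report = defaultdict(list)
    for entry in audit_log["audit_log_entries"]:
        if entry["action_type"] != WEBHOOK_CREATE:
            continue
        changes = {c["key"]: c.get("new_value") for c in entry.get("changes", [])}
        report[entry["user_id"]].append({
            "webhook_id": entry["target_id"],
            "name": changes.get("name"),
            "channel_id": changes.get("channel_id"),
            "created": snowflake_time(entry["id"]).isoformat(),
            "still_live": entry["target_id"] in live_webhook_ids,
        })
    return dict(report)

# Constructed sample: entry IDs are snowflakes for 2022-06-01 00:00 UTC.
T0 = 233_971_200_000 << 22
SAMPLE_LOG = {"audit_log_entries": [
    {"id": str(T0 + 1), "user_id": "111", "target_id": "9001", "action_type": 50,
     "changes": [{"key": "name", "new_value": "Mint Alerts"},
                 {"key": "channel_id", "new_value": "501"}]},
    {"id": str(T0 + 2), "user_id": "222", "target_id": "777", "action_type": 22,
     "changes": []},  # a ban entry, ignored by the filter
    {"id": str(T0 + 3), "user_id": "111", "target_id": "9002", "action_type": 50,
     "changes": [{"key": "name", "new_value": "Announcements"},
                 {"key": "channel_id", "new_value": "502"}]},
]}
SAMPLE_LIVE = {"9002"}  # constructed: webhook IDs still present in the server

if __name__ == "__main__":
    for user, hooks in webhook_creators(SAMPLE_LOG, SAMPLE_LIVE).items():
        for h in hooks:
            state = "STILL LIVE" if h["still_live"] else "deleted"
            print(user, h["webhook_id"], h["name"], h["created"], state)
```

Any webhook reported as still live after the clean-up belongs on the deletion list, and the account that created it is the one to lock out and investigate.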

Bottom Line

Scams will probably remain a hazard as long as the crypto space is unregulated and the technology driving NFTs is still developing. However, as the cryptocurrency market matures, we should anticipate more formal rules regarding cryptocurrencies and digital assets shortly.

The industry learns more from each successful or unsuccessful attack, and changes are made to make the system more secure and safe.

Wilson K. Lee, a CEO and entrepreneur, stated:

“The best way to fight scams/hacks is to be aware and be educated.”
