Cybercriminals are hacking the accounts of Discord server administrators and stealing cryptocurrency from their accounts using malicious browser bookmarks. Several Discord crypto communities have been affected in the recent wave of attacks, including Aura Network, MetrixCoin, and Nahmii.
As a reminder, we also reported that 17 malicious npm packages stole Discord tokens, and that the PyPI repository removed 11 packages that were stealing Discord tokens and passwords.
More recently, the media wrote that CAPTCHA in Discord asks users to find non-existent objects created by AI.
Group admins have reported receiving interview requests from individuals posing as reporters from cryptocurrency news outlets. Once the victims agree to be interviewed, they are redirected to a fake Discord server that mimics a news release.
Administrators are then asked to verify their identity by dragging a link from the server to the browser’s bookmarks bar. Victims believe this action is part of the verification process, so they return to Discord.com and click the new bookmark.
The scammer then loads the stolen token into their own browser session and proceeds to announce exclusive NFT news in the targeted Discord group. The announcements are designed to attract naive participants who are confident in the legitimacy of the messages.
The victims are then prompted to connect their crypto wallets to the web address provided by the attacker and grant unlimited permissions to use their tokens. Consequently, the hacker successfully withdraws funds from compromised accounts. To cover their tracks, the attacker promptly deletes messages and bans users who are trying to expose the fraud.
The stolen token remains functional for the attacker only until the original owner logs out or changes their credentials. This is how a cybercriminal can use a hacked account without arousing suspicion.
According to Krebs, an Ocean Protocol employee was the victim of this attack. On May 22, the Ocean Protocol Discord server admin clicked on a link sent in private messages from a community member. The administrator was then asked to verify their identity by dragging the link to the web browser’s bookmarks bar. Even though Multi-Factor Authentication (MFA) was enabled, the employee’s account was hacked.
The attackers waited until midnight in the victim’s time zone to use the account and reduce the chance of detection. The hackers then used the hacked account to send a message announcing a new Ocean giveaway. Eventually, the victim contacted the operator of the server hosting the channel and the settings were returned to normal.
With this deceptive strategy, the scammers gain access to victims’ Discord tokens, allowing them to perform fraudulent activities, such as debiting hacked accounts. It is extremely important for Discord users, especially administrators, to be careful about such attacks.
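A defensive check for the bookmark step described above, as an added example that is not part of the original article: it walks a Chrome-format `Bookmarks` JSON file and reports every bookmark whose URL runs script when clicked. It assumes the malicious bookmark is a `javascript:` URL, which the article does not state; the function names and the sample data are constructed for illustration.

```python
import json
import re

# Assumption: bookmarks with these schemes run or embed script when clicked.
SCRIPT_SCHEMES = {"javascript", "data"}
LEADING_JUNK = "".join(map(chr, range(0x21)))  # C0 controls and space

def scheme_of(url):
    """Return the lower-cased URL scheme, parsed the way browsers do:
    tabs/newlines are dropped anywhere, leading controls/spaces are ignored."""
    cleaned = re.sub(r"[\t\r\n]", "", url).lstrip(LEADING_JUNK)
    match = re.match(r"([a-z][a-z0-9+.\-]*):", cleaned, re.I)
    return match.group(1).lower() if match else ""

def find_script_bookmarks(node, path=()):
    """Recursively walk one bookmark node; return (folder path, name, scheme)."""
    hits = []
    if node.get("type") == "url":
        scheme = scheme_of(node.get("url", ""))
        if scheme in SCRIPT_SCHEMES:
            hits.append(("/".join(path), node.get("name", ""), scheme))
    for child in node.get("children", []):
        hits += find_script_bookmarks(child, path + (node.get("name", ""),))
    return hits

def scan(bookmarks_json):
    """Scan the text of a Chrome 'Bookmarks' file and return all flagged entries."""
    hits = []
    for root in json.loads(bookmarks_json).get("roots", {}).values():
        if isinstance(root, dict):  # skip non-folder metadata values
            hits += find_script_bookmarks(root)
    return hits

# Constructed sample: one benign bookmark, one script bookmark with an
# obfuscated scheme and an inert payload, one benign look-alike in a folder.
SAMPLE = json.dumps({"roots": {
    "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
        {"type": "url", "name": "Discord", "url": "https://discord.com/app"},
        {"type": "url", "name": "Verify", "url": " Java\tScript:void(0)"},
        {"type": "folder", "name": "News", "children": [
            {"type": "url", "name": "Blog",
             "url": "https://example.com/javascript:intro"}]}]},
    "other": {"type": "folder", "name": "Other bookmarks", "children": []}}})

if __name__ == "__main__":
    for folder, name, scheme in scan(SAMPLE):
        print(f"script bookmark: {folder}/{name} ({scheme}:)")
```

To check a real profile, pass the contents of the browser profile's `Bookmarks` file to `scan()` and review any entry it reports before clicking it.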