Rare Bears Discord Phishing Attack Steals $800,000 in NFTs


  • In the incident, a nonfungible token project moderator’s account was stolen, and a phishing link that emptied user wallets was posted.
  • A hacker uploaded a phishing link in the project’s Discord channel, taking roughly $800,000 in nonfungible tokens (NFTs).

According to Peckshield, the attacker was able to take 179 NFTs, including “Rare Bears” and other NFTs from other collections such as “CloneX,” “Azuki,” a “mfer” by artist Sartoshi, and six LAND tokens used for The Sandbox metaverse.

According to on-chain research, the majority of the NFTs were sold, earning the hacker 286 Ether (ETH) worth approximately $795,500, the majority of which was immediately transferred through Tornado Cash, a crypto mixer designed to conceal the source of cash.

A slew of similar phishing schemes has surfaced on Discord in recent months, indicating that some teams should reconsider the security of admin accounts. The “Rare Bears” team announced earlier today that they had recruited security consultant and auditor Pandez to conduct a complete security assessment of their Discord server.

The hacker obtained access to the account of a Rare Bears Discord moderator known as Zhodan, making a notice inside the group’s channel that a fresh mint of NFTs was taking place, according to an update issued by the “Rare Bears” team. Of fact, it was a forgery, a phishing link meant to steal cash from a ‘user’s wallet.

According to the security audit update, the project’s Discord account’s leader was hacked. Using the hijacked account, the attacker then banned or revoked other members’ roles from the server, blocking their ability to delete the uploaded phishing link.

The attacker then invited a bot to freeze all channels on the server, preventing others from openly communicating that the postings and links were fraudulent.

Members of prominent NFT artist Beeple’s Discord were also defrauded last November, with attackers obtaining access to a moderator’s account and posting a phishing link, depleting user cash.

Comments (No)

Leave a Reply