Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Discord Attack Targets NFT Projects

by Kervin Alintanahin

Multiple Targets 

Discord Administrators/Moderators and NFT project members were targeted today in a well-planned social engineering attack. Attackers managed to take over sessions of some privileged Discord accounts and used them to send messages to servers/users in Discord. Since the messages and announcement came from moderators’ accounts, it is likely that users will trust the content of their messages. 

As narrated by kekwin.eth on twitter, the threat actors were able to grab the session token of his Discord account by luring him to a screen sharing session. From that point, it only took a screen grab of the Developer Tools logs in Discord to bypass authentication, including 2FA, and take control of the account.  

Axie Infinity Fake Announcement 

A fake announcement was sent to the official Axie Infinity Team Discord channel. Though the announcement was retracted as fast as the admins/moderators could, a couple of fast users were able to click on the links and were duped into purchasing a fake NFT for Axie Infinity. 


Fake Axie announcement

As stated on their Discord channel, a staff member was similarly tricked into giving away his Discord access through the network logs of Chrome’s Developer Tools.

discount announcement

The image above is of the notice from Discord of the hacked staff member account; note the similarity to kekwin.eth incident.

It’s likely that the attacks are by the same group since they have very similar approaches and close timelines. Although steps have been taken to secure Discord channels and accounts, threat actors are always finding ways to trick unsuspecting users. If users train to learn how to secure their accounts and follow security guidelines, it could lead to a more stress-free online experience.




You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...