Rise of crypto scams on Twitter: back to the most common

Beware of hackers – Facing the rise of cryptocurrencies, many hackers and scammers have become interested in this ecosystem. Thus, the latter redouble their ingenuity to trap their victims. There are more and more different types of scams and no moment of oversight is allowed for cryptocurrency holders.

The Aristocrats Project Discord Server Hack

A few weeks ago, the NFT project strategist Aristocrats returned to Twitter about the hack he had suffered. An event that highlights various practices of Web3 scammers and hackers, so why not prevent this mishap from affecting other users.

So on July 1 Reycsn published a wire to return to the Discord account hack

Topic posted by Reycsn.

His setback begins on June 30, when someone contacts him to offer him a job on an NFT project. So far, Reycsn says he’s flattered by the offer and sees no warning signs about his craft.

Preoccupied with his work, he puts the call on hold before being interested in it again, late at night, around 1am. By going to the project’s Discord, it still doesn’t see a warning sign of the scam. Indeed, the Discord has 13,000 members and seems quite cleanfirm.

Like most Discord servers, this one has security to control access† So a QRCode is presented on Reycsn which he has to scan with his Discord application. An action he finds “not shocking” and which he performs without questioning.

After hanging out on the server, it decides to go to bed without suspecting what was about to happen. At night he is awakened by other members of the project and the sentence falls: the Aristocrats Discord server has been hacked

As often, this hack comes with a phishing link focused on stealing NFT holders of NFT Aristocrats.

>> Don’t get caught in the bait. Choose the LiteBit regulated platform (affiliate link) <

It only took a QRCode

When he scanned the QRCode, Reycsn allowed the attacker to login to his Discord account† Once in possession of the account, he could add his own account as an administrator and get full rights to the server. He took the opportunity to post his phishing message and ban all Discord moderators.

When members of the Aristocrats team tried to regain control of the server, the attacker removed the entire chat channels as a final retaliation.

After several attempts, the teams finally managed to regain full powers and restore the Discord.

Discord: the new hunting ground for hackers

Unfortunately, this story is far from isolated. For example, there are more than one in the month of June one hundred Discord servers of NFT projects that have fallen victim to attacks of this type.

The internet user @NFTHerder carefully lined them up. The list includes many major projects such as the Bored Ape Yacht Club or the Lacoste project.

List of Discords hacked in June.
List of Discords hacked in June.

Each time, the attacker managed to recover an administrator account and use it to perform a phishing attack.

Twitter PDF File Scam

Unfortunately, this is not the only scam affecting the NFT ecosystem. Indeed, many artists have also been the target of attacks targeting steal their cryptocurrencies and NFTs

>> You don’t understand anything about NFT? Enjoy a wide crypto choice on LiteBit (affiliate link) <

Security analyst @Serpent also recently published a wire to explain new type of attack

The PDF file scam, another example of a crypto scam
The pdf file scam.

Thus, in this scam, a user will contact the NFT performers on Twitter and claim a job offer.

After praising the artist’s merits to make him lower his vigilance, the swindler send a pdf stating the details of the proposed mission.

Except that in reality, although the downloaded file seems to have the extension .pdf it is actually a file screen saver in .sc which contains a script to infect the victim’s machine.

Once infected, the attacker can recover all of the user’s cryptocurrencies and NFTs.

“How did he do that?” A simple extension spoof. He changed the file name and added .pdf at the end, then changed the file icon to a PDF icon. It also filled the file with unwanted code to exceed the size limit of 650 MB set by VirusTotal. †

Now let’s look at some good practices to protect yourself as much as possible from hackers.

First, perhaps the most obvious, but very poorly applied protection, namely to: do not store their private keys in plain text on their computer† So even if the attacker manages to infect the computer, he will not have direct access to your private keys.

The attack presented by @Serpent allows to propose several security checks to be performed systematically:

  • Do not download and/or open received files by untrusted third parties;
  • Still check the extension of a file downloaded before opening it.

The adversity of the aristocrats, for its part, makes it possible to raise other good practices:

  • Have a non-professional Discord accountto prevent his pro account from being linked to his personal activities;
  • Avoid making decisions late at night† This is a time when inattention is important, which is conducive to hackers.

And as always, if the offers are too tempting, it’s probably a scam.

Another scam has been going around a lot on twitter lately, that of the “student wallet”. So a user will send you private keys with a request to make a transfer for them. Its purpose is to transfer money that you send to the address to pay transaction fees.

Avoid offers that are too good to be true like the plague and get into the habit of being sane with suspicion. On the other hand, learn to place reasonable trust in respectable and recognized players in the ecosystem. Register now on the LiteBit platformyou will receive €20 as a welcome gift (affiliate link).

Leave a Comment