Hacking Methods
Malware Installation via Admin Impersonation Email
Admin Impersonation & Sending DMs (Request for Verification)
Bot Abuse (Hacking, Webhook Authority Abuse)
Hacking Discord Server / Authority to Join
Instruction for a False NFT Auction
Robbing Personal Information by Bypassing 2FA
Robbing Token, Grabber Usage Information
Publishing Fake Minting Information Via Webhook
Affected Projects
BAYC [Website]
MetaKongz [Website]
DIVINE ANARCHY [Website]
Doodles [Website]
Stability-Enhancing Software
•
Malwarebytes
•
Avast
Preventing Damages
News Articles
Recommended Discord Bot
•
Secure Server Settings for Discord [Link]
1.
Setting Up Roles and Authorities
Role is one of the fundamental elements for managing the Discord server. Members are given splendid and various colors, but what’s more important is that they are given many authorities including what they can and cannot do on the server. You can give roles to members or bots to allows them to kick or ban members, add or delete channels, and use @everyone ping.
2.
Setting Up Verification Level
If you utilize verification level, you can manage who can send messages on the server. Setting up a high verification level allows you to protect the server from users’ spam and server attacks. You can check these options in Server Settings > Administration tab.
Verification Level
3.
Activating 2FA for Server
Once 2FA (Two-Factor Authentication) has been set, all mediators and administrators will be required to set up 2FA for their own accounts to execute server admin works such as deleting messages. For more information on 2FA, please refer to this link.
If you set up 2FA for all admin accounts, you can protect the server from malicious users who aim to manipulate the server by damaging either the mediator or admin account. You can check the activation button for compulsory 2FA in Server Settings > Administration tab. To activate this option, you must first activate 2FA in your account.
4.
Setting Up a Filter for Malicious Content
If you use the Malicious Content Filter function, images or any uploads deemed inappropriate will automatically be detected and deleted. Through this function, members can share contents such as images or embeds and lower the risk of viewing inappropriate contents shown in the SFW (SafeForWork) channel. You can check this option in Server Settings > Administration tab.
Malicious Content Settings
How to Set Up a Secure Personal Environment on Discord
•
User Settings > Privacy & Safety
1.
Undo “Allow direct messages from server members”
2.
WHO CAN ADD YOU AS A FRIEND → Undo “Everyone” and “Server Members”
What We Should Be Aware of
1.
Unofficial Chat - When hacking an official Discord account, hackers would sometimes block chat so that users cannot communicate with one another.
2.
Team and MODS - You need to check if Team and MODS are normally located in the right side of the server in case they are kicked out from Discord.
3.
Minting Website - The minting website may feel different from the official website. Even the art may be slightly different.
4.
OpenSea Item Quantity - If a hacker announce a new minting website, the official collection item quantity in OpenSea does not increase if it is a fake minting website (for legitimate minting, the official collection item quantity should increase).
5.
Minting Price and Floor Price - If you know well enough about the current NFT market’s bot system, when new items from a popular project are minted at a price lower than the current floor price, they will be sold by bots in a couple seconds.
6.
Founder’s Twitter Account - Usually, when an announcement is uploaded on Discord, the same announcement appears in the founder’s account or the project’s official account. Make sure to always double check!
7.
MetaMask Approval - The request for signature seems a bit different on the minting website. If the message turns into a red flag, not mint, and shows up as “send” or seed phrase, you must immediately disconnect your wallet.
8.
Constant community instructions about the commonalities of hacking methods should be given out.
