In the early hours of October 11th, 2018, a phishing attack caused by an unknown hacker targeted at NFT Collection. The website was infected with malware that allowed hackers to steal users’ personal information and crypto wallets from their phone.
The “nft private hack mir4” is a phishing attack that occurred just days after the launch of the NFT Collection. The fake website was designed to look like an official NFT account and request for passwords.
A hacker stole about $790,000 worth of NFTs and crypto from owners of the freshly released Rare Bears collection on Wednesday, in the latest installment of a Discord-related NFT controversy. The culprit was able to acquire unauthorised access and appear as an official moderator on the server due to the project’s Discord group’s compromised security, according to the project’s staff.
As you might expect, a phisher posing as an official moderator did not go over well, as the unsolicited intruder proceeded to post a phishing link to a website that PeckShield security firm described as hosting a malicious smart contract that gave them control over victims’ wallets when interacted with.
A bogus story accompanied the link, claiming that 1,000 new and special Rare Bears NFTs had been added to the collection, each with a mint price of 0.1 ETH ($280).
Despite Rare Bears administrators’ best attempts to alert the community of the security breach, the offender was able to flee with over 179 NFTs, including Rare Bears assets as well as CloneX, Azuki, mfer, and 3landers.
The victims’ crypto assets were also frozen, allowing the offender to flee with 286 ETH ($790,000) after quickly reselling the assets. The remaining 72.3 ETH was transmitted across three wallets (which are presumably under the hacker’s control), with 213 ETH being routed via mixing provider Tornado Cash.
Despite Rare Bears’ relatively successful launch of its 2,400 NFTs just days before the scandal (with its public mint going live on Sunday), as well as its LAND acquisitions in The Sandbox, the situation can most certainly be described as a nightmare start for its community, and it is also a rather explicit reminder to stay vigilant when navigating this sometimes-treacherous space, especially on Discord.