
Gods Unchained Discord Hack - A Small Hack with a Big Lesson

@l337m45732

Discord is very popular in the gaming and crypto space. Every NFT project has a Discord, and most of them attract new users by hosting giveaways. These giveaways require users to join their Discord servers and such. I'm personally in so many Discord servers that I don't even know what most of them are. I guess I need to clean up my server list.


Gods Unchained Discord Hack

Yesterday there was a situation where the Gods Unchained Admin account in their Discord server was compromised. This was confirmed in a Tweet from the official Gods Unchained Twitter account. Basically the Admin account was hacked and all the mods were banned so the compromised account could execute the theft of funds. A scam $GODS token contract was created and approximately 5 ETH was sent by victims in the Discord, which they are going to reimburse.

Everything was quickly corrected and confirmed in their Discord as well. They even provided the scam contract, which we're going to take a look at. Once users gave approval to this contract, their GODS tokens were stolen. It looks like a total of 1931 GODS were taken. If you may have interacted with this contract, please revoke the approval from MetaMask.

Let's take a look at the scam contract for funsies. If you were affected, the scammers could have asked for approvals for other tokens such as IMX, USDC, and DAI as well.

You can see that the scam contract was able to steal about $27,000 or 7.24 ETH worth of tokens. It was quickly stopped in its tracks before any more damage was done. Good fuckin job Gods Unchained team!
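What the approval and the later revoke look like at the transaction level, as an added example (not code from the original post or from Gods Unchained): an ERC-20 `approve(spender, amount)` call is what the wallet asks you to sign, and revoking is the same call with an amount of 0. The spender address and the trusted-spender list are constructed placeholders, and the function names are hypothetical.

```python
# Added example: inspect ERC-20 approve() calldata before signing it.
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1
HEX = set("0123456789abcdef")

def _hex_body(value):
    value = value.lower()
    return value[2:] if value.startswith("0x") else value

def decode_approve(calldata):
    """Return (spender, amount) for an ERC-20 approve call, else None."""
    data = _hex_body(calldata)
    # selector (4 bytes) + address word (32 bytes) + amount word (32 bytes)
    if len(data) != 136 or not set(data) <= HEX:
        return None
    if not data.startswith(APPROVE_SELECTOR) or data[8:32] != "0" * 24:
        return None
    return "0x" + data[32:72], int(data[72:], 16)

def review_approval(calldata, trusted_spenders):
    """Classify a pending transaction's calldata and list reasons for caution."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return {"kind": "not_approve", "warnings": []}
    spender, amount = decoded
    if amount == 0:
        return {"kind": "revoke", "spender": spender, "amount": 0, "warnings": []}
    warnings = []
    if spender not in trusted_spenders:  # trusted list holds lowercase addresses
        warnings.append("spender not in trusted list")
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance")
    return {"kind": "approve", "spender": spender, "amount": amount, "warnings": warnings}

def build_revoke(spender):
    """Calldata for approve(spender, 0), sent to the token contract to clear the allowance."""
    addr = _hex_body(spender)
    if len(addr) != 40 or not set(addr) <= HEX:
        raise ValueError("spender must be a 20-byte hex address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64

# Constructed sample: placeholder spender address, unlimited amount.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = "0x" + APPROVE_SELECTOR + "0" * 24 + "ab" * 20 + "f" * 64

if __name__ == "__main__":
    print(review_approval(SAMPLE_CALLDATA, trusted_spenders=set()))
    print(review_approval(build_revoke(SAMPLE_SPENDER), trusted_spenders=set()))
```

An approval stays in force until it is overwritten, so a revoke is needed separately for each token the spender was approved on.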

How does this work?

Let's take a look. Luckily Little Lemon Friends shared a tweet thread that gave us a breakdown of how this sort of attack happens. This is good because a lot of people use Discord and don't think about getting hacked. This is purely social engineering; there is no actual hacking going on. Just really clever scammers, and that is what you need to look out for. Scammers will play on people's emotions, and on anything else they can, to get access to account information.


Basically - the scammer finds a target such as a Mod or Admin. They join another server and pretend to be the target so the target gets banned. Then the scammer contacts the target from another account, pretending to be a mod from that Discord. The target believes that they have to prove their innocence to the scammer because the scammer creates fake chat logs. The scammer gets on a Discord call, gets the target to screen share, and asks them to "inspect element" by pressing Ctrl+Shift+I. Once the target does this, the scammer can take over the account and bypass 2FA and passwords with a token visible via "inspect element".

Basically - if anyone reaches out to you on Discord for any reason... do not screen share. Do not fall for social engineering tactics like this. If you run a Discord server - disable Webhooks because it's an easy attack vector for scammers.

Thanks for reading! Much love.



Posted Using LeoFinance Beta