What we know
Administrators say that several of the attacks started with an interview request from someone posing as a reporter for a cryptocurrency-focused news outlet. Administrators who took the bait received a link to a Discord server. The link appeared to be related to the official Discord crypto news site. When clicked, the link took admins to a page asking them to verify their identity.
As revealed in this YouTube clip, the aforementioned verification process involved dragging a button from the fake crypto news Discord server to the bookmarks bar on a victim’s browser. At that point, admins were instructed to return to discord.com in order to click on the new bookmark to complete the identity verification process.
In the next stage of this attack, unsuspecting Discord members click on the ‘high-value opportunity’ link provided by the compromised administrator account. Members are then asked to connect a crypto wallet to the scammer’s site. The site then requests unlimited spend approvals on tokens and drains the balance of profitable accounts.
Should anyone in the compromised Discord channel notice the scam and write anything about it, they are promptly banned from the community. Their messages are deleted by the compromised admin account.
According to Krebs on Security, an Ocean Protocol employee fell victim to this attack. On May 22nd, the Ocean Protocol Discord server admin clicked on a link that had been distributed via private message from a community member. The administrator was asked to verify their identity by dragging the link to the web browser’s bookmarks bar. Although multi-factor authentication was enabled, the employee’s account was compromised. To reduce the probability of detection, the scammers waited until midnight in the victim’s time zone to use the account.
Subsequently, the scammers posted a message in which they appeared to be launching a new Ocean giveaway. The victim eventually reached out to the operator of the server hosting the channel and the issue was resolved.
Discord admin accounts, especially within cryptocurrency-focused communities, have become prime targets for cyber scammers. Via deceptive strategies, like the one outlined above, scammers can gain access to Discord tokens, enabling them to engage in fraudulent activities. Discord admins and users should exercise caution and keep an eye out for these types of cyber attacks.
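A bookmark that acts on the page where it is clicked is a `javascript:` URL (a bookmarklet), so the "verification" bookmark described above can be found by auditing saved bookmarks. The following is an added example, not part of the original article; it assumes the JSON layout of a Chromium-family `Bookmarks` file, and the sample data and function names are constructed for illustration.

```python
import json

# Constructed sample in the layout of a Chromium-family "Bookmarks" file.
# The javascript: bodies are inert placeholders.
SAMPLE_BOOKMARKS = json.loads(r"""
{"roots": {
  "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
    {"type": "url", "name": "Discord", "url": "https://discord.com/app"},
    {"type": "url", "name": "Verify", "url": " JavaScript:void(0)"},
    {"type": "folder", "name": "News", "children": [
      {"type": "url", "name": "Confirm", "url": "java\tscript:void(0)"}]}]},
  "other": {"type": "folder", "name": "Other bookmarks", "children": [
    {"type": "url", "name": "Docs", "url": "https://example.com/javascript:intro"}]}
}}
""")


def url_scheme(url: str) -> str:
    """Return the scheme as a browser resolves it: leading control characters
    and spaces are dropped, and tabs/newlines anywhere are removed first."""
    cleaned = url.lstrip("".join(map(chr, range(0x21))))
    cleaned = cleaned.replace("\t", "").replace("\n", "").replace("\r", "")
    head, sep, _ = cleaned.partition(":")
    return head.lower() if sep else ""


def find_script_bookmarks(tree: dict) -> list[dict]:
    """Walk every root folder and report bookmarks whose URL runs script."""
    findings = []

    def walk(node: dict, path: str) -> None:
        if node.get("type") == "url":
            if url_scheme(node.get("url", "")) == "javascript":
                findings.append({"name": node.get("name", ""), "folder": path})
            return
        here = f"{path}/{node.get('name', '')}".strip("/")
        for child in node.get("children", []):
            walk(child, here)

    for root in tree.get("roots", {}).values():
        if isinstance(root, dict):  # skip non-folder metadata entries
            walk(root, "")
    return findings


if __name__ == "__main__":
    for hit in find_script_bookmarks(SAMPLE_BOOKMARKS):
        print(f"script bookmark {hit['name']!r} in {hit['folder']!r}")
```

Any hit on an account with server admin rights deserves a manual look at the bookmark's contents before it is clicked again.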