Web3 security firms TRM Labs and Halborn claim that the majority of losses in NFT projects are due to “members” in their official Discord servers. Whoever attacks the servers manages to get admin status and extract members’ data. While the companies are finding new ways to combat hacking on Web3, cyberattacks on blockchain communities keep happening.
The fear of weak security and frequent breaches may lead to a new form of extreme fear, especially for those new to blockchain technology.
Hacks Have Increased in 2022
Based on TRM Labs and Halborn’s research, hacks have been more aggressive than in previous years. Hacks cost the NFT community $22 million in May 2022 alone, and the number of hacking cases increased up to 55% in June 2022.
Since January, most of these hacking incidents have started in Discord groups. Whether the group focused on entertainment or art, members reported sudden asset losses to their admins.
Specifically, hackers impersonate admins by using their names and invite members to “mint” NFTs through innocuous-looking links. Clicking these links redirects members to phishing scams.
Why Discord Makes an Easy Bait
Discord has a more private feel than other chat platforms with group servers. It is also an accessible platform for admins, with easy ways to manage members and implement security. Ironically, security is lacking in some of these Discord groups.
TRM Labs said they received around a hundred reports regarding hacked Discord servers.
These attacks specifically go after ERC-721 token-based NFTs. The blockchain firm also said that the hacker who went for Bored Ape Yacht Club last June may have been the same culprit behind attacks on other Discord groups. Right now, TRM Labs is monitoring Parallel, Tasties, Lacoste, Anata, and Bubbleworld, to name a few.
Halborn, on the other hand, said the hacks come from mainland China.
TRM Labs said that there is no hard evidence to back up this claim, but Halborn’s Offensive Security Engineer, Alpcan Onaran, said they traced the hacks to China.
According to Alpcan, a small group of Chinese hackers targets high-value assets. However, he fears that this is not over and that an advanced persistent attack may occur via algorithms.
Project Developers Need to Improve Security
While most NFT and blockchain teams claim that their projects will have more decentralized and secure protocols, they need to back these claims up with defensive mechanisms that actually work. In addition, many blockchain supporters online have spoken out about developers needing to focus on better security for users rather than hyping their projects as the next big thing.
If hacks like the Axie Infinity million-dollar heist and the Audius platform breach continue to happen, a lot of investors might flee from the blockchain industry for good.