Scammers have reportedly found a new way to compromise users’ Discord accounts, including those on servers related to cryptocurrencies and non-fungible tokens (NFTs), by hijacking the QR codes used to log in.
According to a pseudonymous cryptocurrency enthusiast known as Serpent, malicious actors disguised as the verified Discord bot named Wick are now approaching users with offers of a collaboration, a potential job, or other enticing opportunities. But there’s a catch: to continue the discussion, the scammers ask users to verify themselves via a QR code.
New NFT discord scam making the rounds, this time using QR codes.
Pretty terrible scam but that’s how it works 🧵👇
— Serpent (@SerpentAU) April 4, 2022
The scam works because Discord offers the option to log in with a special QR code, which bypasses two-factor authentication. In reality, however, “scammers are using Chrome handlers to open the login page, get the QR code image, and then send it to the Discord bot, asking people to verify themselves,” Serpent explained.
If a user scans such a code, criminals can instantly log into their account and snatch their Discord token, a unique series of numbers and letters that is created when people connect to the app. If this happens, users should reset their passwords as soon as possible.
Why is it dangerous?
While access to a Discord account won’t directly compromise someone’s crypto or NFTs, such security breaches are still dangerous and can open the door to all sorts of cyberattack vectors.
5/ Thanks for coming to my ted talk. Stay safe and vigilant, threat actors are everywhere these days and trying to scam us 24/7. Double check everything you see and ask yourself, “Is this safe to click?” -K3rnel🤍
— K3rnelPan1c.eth (@Krn3lPanic) March 14, 2022
For example, malicious QR codes can be used to add new and potentially suspicious contacts to users’ contact lists. Such codes can also make victims’ devices connect to the hacker’s network, automatically initiate phone calls, compose emails, and send text messages. They can also reveal users’ location and initiate fraudulent payments.
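A moderation-side check for the two risks described above, as an added example that is not from the article or from Discord: it classifies text already decoded from a QR image and blocks login codes that arrive in a message. The `https://discord.com/ra/` URL shape, the payment schemes, and all function names are assumptions of this example.

```python
from urllib.parse import urlsplit

# Payload prefixes that trigger an action on scan, grouped by the action
# types the article lists. Matched case-insensitively.
ACTION_PREFIXES = {
    "contact": ("mecard:", "begin:vcard"),
    "wifi": ("wifi:",),
    "call": ("tel:",),
    "email": ("mailto:", "matmsg:"),
    "sms": ("sms:", "smsto:"),
    "location": ("geo:",),
    "payment": ("bitcoin:", "ethereum:"),
}
# Assumption: a Discord login QR encodes https://discord.com/ra/<fingerprint>.
DISCORD_HOSTS = ("discord.com", "discordapp.com")

def classify_qr_payload(payload: str) -> str:
    """Categorise text that a scanner has already decoded from a QR image."""
    text = payload.strip()
    lowered = text.lower()
    for category, prefixes in ACTION_PREFIXES.items():
        if lowered.startswith(prefixes):
            return category
    try:
        parts = urlsplit(text)
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return "text"
    if parts.scheme not in ("http", "https"):
        return "text"
    host = parts.hostname or ""
    # Exact host or a real subdomain only, so discord.com.evil.example fails.
    on_discord = any(host == d or host.endswith("." + d) for d in DISCORD_HOSTS)
    if on_discord and parts.path.startswith("/ra/") and len(parts.path) > 4:
        return "discord-login"
    return "url"

def triage_received_qr(payload: str) -> str:
    """Decide what to do with a QR code that arrived in someone else's message."""
    category = classify_qr_payload(payload)
    if category == "discord-login":
        return "block"  # a login QR is only legitimate on your own login screen
    if category in ACTION_PREFIXES:
        return "warn"  # scanning would make the phone act, not just show text
    return "review" if category == "url" else "allow"

if __name__ == "__main__":
    for sample in ("https://discord.com/ra/CONSTRUCTED",  # constructed samples
                   "WIFI:T:WPA;S:ExampleNet;P:constructed;;", "tel:+15555550100"):
        print(triage_received_qr(sample), classify_qr_payload(sample))
```

Decoding the image itself is left to whatever QR scanner library the bot already uses; only the decoded string is inspected here.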
Things we can no longer do:
📍open dms in discord
📍scan QR codes
📍click on unknown links
📍use discord
📍click on Google Drive links
📍make art commissions for strangers
📍 store nfts in hot wallets
📍 ______________________
— Ƨ 👁 and 776 more (@stellabelle) April 4, 2022
As CryptoSlate reported, cyberattacks have been gaining strength on Discord lately. In particular, not only regular users but also major crypto companies are being hacked.
On April 1, for example, the Discord server of the famous Bored Ape Yacht Club NFT collection was compromised by hackers.
STAY SAFE. Don’t hoard anything from any Discord at this time. A webhook on our Discord was briefly compromised. We spotted it right away, but please note: we’re not doing any sneaky April Fools mints/airdrops etc. Other Discords are also being attacked right now.
— Bored Ape Yacht Club (@BoredApeYC) April 1, 2022
At that point, the hacker gained access to the Discord server that hosts Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club, Yuga Labs’ three collections of NFTs.
In addition to Yuga Labs, the Discord servers of other NFT projects, such as Nyoki Club and Shamanz NFTs, were also hacked that day.
This post, “Crypto Users Report New Wave of Discord NFT Scams,” was published first on https://cryptoslate.com/crypto-users-report-new-wave-of-discord-nft-scams/