Scammers have reportedly found a new way to compromise users’ Discord accounts, including those on servers related to cryptocurrencies and non-fungible tokens (NFTs), by hijacking the QR codes used to log in.

According to cryptocurrency enthusiast pseudonym Serpent, malicious actors, disguised as the verified Discord bot named Wick, are now approaching users offering them a collaboration, potential job, or other enticing opportunities. But there’s a catch: To continue the discussion, the scammers ask users to verify via a QR code.

This is because Discord has the option to log in with a special QR, bypassing two-factor authentication. In reality, however, “scammers are using Chrome handlers to open the login page, get the QR code image, and then send it to the Discord bot, asking people to verify themselves,” Serpent explained.

If a user scans such a code, criminals can instantly log into their account and snatch their Discord token, a unique series of numbers and letters that is created when people connect to the app. If this happens, users should reset their passwords as soon as possible.

Why is it dangerous?

While access to a Discord account won’t directly compromise someone’s crypto or NFTs, such security breaches are still dangerous and can allow all sorts of cyberattack vectors.

For example, malicious QR codes can be used to add new and potentially suspicious contacts to user lists. In addition, such codes also allow victims’ devices to connect to the hacker’s network, automatically initiate phone calls, as well as compose emails and send text messages. Not to mention, such QR codes can reveal users’ location and initiate fraudulent payments.

What CryptoSlate reported, Cyber ​​attacks have been gaining strength on Discord lately. In particular, not only regular users but also major crypto companies are being hacked.

On April 1, for example, the Discord server of the famous Bored Ape Yacht Club NFT collection was compromised by hackers.

At that point, the hacker gained access to the Discord server that hosts Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club, Yuga Labs’ three collections of NFTs.

In addition to Yuga Labs, the Discord servers of other NFT projects, such as Nyoki Club and Shamanz NFTswere also hacked that day.

Posted in: Hacks, NFT, Scams

Obtain a Edge in the Cryptomarket 👇

Become a member of CryptoSlate Edge and get access to our exclusive Discord community, plus exclusive content and analysis.

chain analysis

Pricing Snapshots

More context

Join now for $19/month Explore all the benefits



This post Crypto Users Report New Wave of Discord NFT Scams

was published first on https://cryptoslate.com/crypto-users-report-new-wave-of-discord-nft-scams/

Author

Write A Comment