Scammers have reportedly found a new way to compromise users’ Discord accounts — including those on servers related to cryptocurrencies and non fungible-tokens (NFTs) — by hijacking QR codes used for logging in.
According to pseudonymous crypto enthusiast Serpent, malicious actors — disguised as Discord’s verified bot called Wick—are now reaching out to users to offer a collaboration, potential employment, or some other enticing opportunities. But there’s a catch — to continue the discussion, scammers ask users to verify via a QR code.
New NFT discord scam going around, this time using QR codes.
Pretty terrible scam, but this is how it works
— Șarpe (@SerpentAU) Aprilie 4, 2022
This is because Discord has an option to log in using a special QR, bypassing two-factor authentication. In reality, however, “scammers are using Chrome drivers to open the login page, get the QR code image, then send it to the Discord bot, asking people to verify themselves,” Serpent explained.
If a user scans such a code, bad actors can instantly log into their account and snatch their Discord token, a unique series of numbers and letters that is created when people connect to the app. If this happens, users need to reset their passwords as soon as possible.
De ce este periculos?
While access to a Discord account won’t direct endanger someone’s crypto or NFTs, such security breaches are still dangerous and can enable to all manner of cyberattack vectors.
5/ Thank for coming to my ted talk. Stay safe & stay vigilant, threat actors are everywhere these days and they try to scam us 24/7. Double check everything you see and ask yourself: “Is this safe to click” -K3rnel
— K3rnelPan1c.eth (@Krn3lPanic) Martie 14, 2022
For example, malicious QR codes can be used to add new—and potentially suspicious—contacts to users’ lists. Further, such codes also allow to connect victims’ devices to the hacker’s network, automatically initiate phone calls as well draft emails and send text messages. Not to mention that such QR codes can reveal users’ locations and initiate fraudulent payments.
Things we can no longer do:
open dms on discord
scanează coduri QR
click unknown links
use discord
click on google drive links
do art commissions for strangers
store nfts on hot wallets
______________________— Ƨ and 776 others (@stellabelle) Aprilie 4, 2022
As CryptoSlate raportate, cyberattacks have been picking up steam on Discord lately. Notably, not only regular users but major crypto companies are being hacked as well.
On April 1, for example, the Discord server of the famous Bored Ape Yacht Club NFT collection was compromise de hackeri.
STAI IN SIGURANTA. Nu bate nimic din niciun Discord chiar acum. Un webhook din Discordul nostru a fost compromis pentru scurt timp. L-am prins imediat, dar vă rog să știți: nu facem niciun fel de monetări / airdrops stealth pentru April Fools etc. Alte Discords sunt, de asemenea, atacate chiar acum.
- Clubul de iahturi Bored Ape (@BoredApeYC) Aprilie 1, 2022
At the time, the hacker gained access to the Discord server that hosts Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club—all three NFT collections from Yuga Labs.
Apart from Yuga Labs, Discord servers of other NFT projects, such as Nyoki Club și Shamanzs NFT, were also hacked that day.
Mesaj Utilizatorii Crypto raportează un nou val de escrocherii Discord NFT a apărut în primul rând pe CryptoSlate.
- "
- &
- acces
- Cont
- airdrops
- TOATE
- aplicaţia
- Aprilie
- în jurul
- Artă
- Autentificare
- fiind
- Bot
- încălcări
- Captură
- prins
- Chrome
- club
- cod
- colaborare
- colectare
- venire
- Companii
- continua
- a creat
- cripto
- cryptocurrencies
- Atac cibernetic
- zi
- Dispozitive
- discordie
- dubla
- conduce
- ocuparea forţei de muncă
- permite
- ETH
- tot
- exemplu
- First
- găsit
- mai mult
- merge
- tocat
- hacker
- înălțime
- Cum
- HTTPS
- imagine
- Inclusiv
- IT
- Labs
- liste
- Locații
- major
- manieră
- reţea
- NFT
- Proiecte NFT
- NFT-uri
- numere
- oferi
- deschide
- Oportunităţi
- Opțiune
- Altele
- Parolele
- plăți
- oameni
- posibil
- potenţial
- Proiecte
- Codul QR
- Realitate
- regulat
- raportează
- sigur
- Înșelătorie
- Escrocii
- escrocherii
- securitate
- breșe de securitate
- serie
- unele
- şedere
- Aburi
- Vorbi
- actori amenințători
- timp
- semn
- stare de nervozitate
- unic
- us
- utilizatorii
- W
- Val
- fabrică