
Newest threat nft

OpenSea CEO Devin Finzer tweeted that victims were duped into signing an online contract to trade tokens, but the contract order details were left blank. With the authorization signature in place, attackers then filled in the contract details without the victim’s knowledge. This enabled transfer of NFT ownership to the attackers. It’s believed this attack occurred through some kind of phishing, perhaps an email with a false request for contract signatures.

Imitation NFT store sites also exist that try to trick targets into giving up their credentials through email and social media phishing campaigns.

Crypto Wallet Security Cracking

While many are careful not to fall for phishing scams, what if someone sends you a free NFT as a gift? Accepting it could unleash a series of events that ends up compromising your crypto wallet.

On Tuesday, December 21st, two NFT projects fell victim to the same attack. Like many projects in the crypto world, the NFT collection Monkey Kingdom and in-game asset marketplace Fractal both engaged heavily with their communities through Discord chat servers.

Both projects were about to distribute rewards to their community members: Monkey Kingdom through an NFT presale on the day of the 21st and Fractal through a token airdrop — essentially a free distribution to early supporters — a few days later.

Then, disaster struck. Posts appeared in the official “announcements” channel of each project claiming that a surprise mint would reward community members with a limited edition NFT.

Hundreds jumped at the chance — but for those who followed the links and connected their crypto wallets, a costly surprise was waiting.

The Monkey King also pointed to the money raised by the project to refund victims of the scam.

NFT projects are particularly vulnerable to this kind of attack because they move so quickly. Hyped projects often sell out within hours — or sometimes minutes — so early adopters are conditioned to act fast.
And Discord, now the go-to platform for NFT communities, is where the early intel on presales and airdrops is released first. That means community members are primed to jump on any announcements that give them an edge, which, in turn, lets scammers leverage fake messages to devastating effect.

In the most heated drops, making a successful transaction can be difficult even for the early movers.

GitHub commits. But it’s easy to lose track of those bots amid the various third-party service integrations, and crucially, there’s no way to switch off all of them at once if you’ve been hacked. The result is a major opportunity for attackers and a liability for any Discord communities who aren’t paying attention to their integrations.

A Discord spokesperson said the company cautioned people to be careful when giving others access to their devices and personal information and pointed to guidance made available through its Moderator Academy resource center.

“Discord takes the safety of all users and communities very seriously, including social engineering attacks like these,” said Peter Day, senior manager of corporate communications at Discord.

All told, more than $4 million was spent on gas fees for unsuccessful transactions.

There’s no indication yet that the NFT craze will slow in 2022, which means there’ll be no shortage of new projects looking to scale by using off-the-shelf solutions to build their infrastructure. There are signs that Discord, the beating social pulse of the NFT community, is also a goldmine for unscrupulous individuals looking to separate marks from their hard-earned coins — but perhaps as techniques of moderation and server administration in the community improve, more rigorous management of problem areas (like webhooks and third-party plugins) will reduce risk.

The good news is that, for the two projects affected by this particular hack, there may be sunnier days ahead.
Fractal, the game asset marketplace, went live on the penultimate day of 2021.

NFT-mania, pronounced nifty, is upon us with little time to prepare. From news of a collage selling for almost $70 million at Christie’s auction house to a portrayal of Janet Yellen and Morpheus rapping about cryptocurrency on SNL, the current craze is all about non-fungible tokens (NFTs).

But what are NFTs, how do they work, and what security precautions should we take? We answer all of these questions in our look at the exciting, speculative world of NFTs.

What is a non-fungible token (NFT)?

A non-fungible token (NFT) is a digital certificate of ownership that contains metadata unique to the token.

Online art thieves can simply copy, paste, mint and sell the artwork as their own. An Information Security Newspaper report explains that NFT buyers might end up purchasing illegally copied art.

The scam doesn’t stop there. Later, victims might get a call from a blackmailer threatening to report them for owning stolen digital assets.

Redline Malware Scam

Threat actors can also pose as artist patrons. Through social engineering, these fake patrons set up social media pages and act as if they collect digital art.

The scammers then approach artists asking them to create something new. Once they get the artist to download malware (via fake contracts, art samples, etc.) attackers can deploy Redline malware.

This attack enables threat actors to steal usernames, passwords and art files saved on device hard drives.

Non-fungible tokens (NFTs) are a completely new type of digital asset, which implies the possibility of radical fluctuations and uncertainty in the NFT ecosystem. The common types of NFT challenges include the following:

  • Legal and regulatory challenges
  • Evaluation challenges
  • Intellectual Property or IP rights
  • Cybersecurity and fraud risks
  • Anti-money laundering (AML) and CFT challenges
  • Smart contract risks and NFT maintenance
  • Consideration of NFTs as securities
  • Environmental Social Governance (ESG) challenges

Let us look in detail at these risks and challenges to understand how they can affect NFTs.

Since then, this vulnerability has reportedly been secured.

Fake NFT Support on Discord

Consider the social engineering ruse that took place on OpenSea’s Discord server. Attackers lurked on the instant messaging platform waiting for someone to ask a support question.

They then invited the unsuspecting target to a secondary fake ‘support’ server.

After luring them to their server, attackers asked the target to enable screen sharing to solve the problem. The victim was then instructed to ‘resynchronize’ their MetaMask crypto wallet Chrome extension with their MetaMask app.
