I’ve seen people on Twitter, who are into cryptocurrency and who have those hexagon shaped avatars (that they had to pay for), praise the blockchain. There appears to be a widely held concept that the blockchain is safe because it cannot be changed.
Some of those people, who are in NFT focused Discords learned a lesson the hard way. Vice reported that the Discords of multiple NFT projects were hacked as part of a phishing scam to trick users into handing over their digital jpegs. This included the Discords for Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz all of which were targeted.
Scammers put phishing posts into those Discords. According to Vice, the goal of the hack was to trick people into clicking on a link to “mint” a fake NFT by sending ETH and in some instances an NFT to wrap into a token. Motherboard viewed a message to that effect in a Discord that had a compromised bot.
Those who responded to the phishing post – in the hopes of being able to “mint” an NFT (that turned out to be fake) were unaware that they had fallen for a scam.
Vice provided the following explanation in their article:
Two wallet addresses have been tied to the hacks, now labeled Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan. At least one Mutant Ape Yacht Club NFT (a BAYC spinoff by developer Yuga Labs) was stolen and quickly sold by the 5519 wallet, which sent 19.85 ETH to the 5520 wallet.
The second wallet sent 61 ETH ($211,000) to mixing service Tornado Cash early Friday morning. The latest transaction is a transfer of ETH to a previously inactive wallet that then sent the same sum to an incredibly active wallet currently sitting on 1,447 ETH ($5 million), 6 million Tether coins ($6 million), and an assortment of other tokens.
The blockchain itself might be secure. Unfortunately, there will always be people who fall for an enticing phishing scam. Those unfortunate people won’t get their cryptocurrency or NFTs back.