Let’s face it: NFT hack attempts are getting increasingly sophisticated. It’s on each of us digital asset managers to practice good NFT wallet hygiene.
There is perhaps no better recent example of good wallet hygiene in practice than a hack attempt perpetuated via the popular messenger app Discord.
Discord, the popular chat platform for crypto enthusiasts, gamers, and everything in between, has become extremely popular as of late within the NFT community. Having an active Discord community is considered a litmus test of whether a new NFT project is likely to pump when it hits the markup. In fact, it’s difficult to even attain the coveted whitelist designation without being active within the presale community for a NFT project.
So it was regrettable when, on December 21st, 2021, two NFT projects fell victim to the same attack after a compromised admin account announced fake limited-edition NFTs.
The attack cost millions in stolen cryptocurrency, and it serves as a reminder of why good crypto hygiene is so important.
Let’s discuss what happened and go over some of the basic steps everyone should take to protect their digital assets.
Table of Contents
- Why are Discord crypto hacks so popular?
- So, what happened during this Discord NFT hack attempt?
- How was this NFT hack attempt even possible?
- How did good wallet hygiene help this user evade the Discord hack?
- Why should I keep multiple crypto wallets?
- The best hardware wallets in cryptocurrency
- Final thoughts
Why are Discord crypto hacks so popular?
Discord is a prime target for hackers due to the popularity of NFTs on the platform. The thieves don’t need to infiltrate an exchange or DeFi protocol to gain access to people’s crypto.
Simply put–they can just set up a phishing link and wait for people to connect their wallets.
Since NFTs are still a relatively new asset class, many people are still learning. While the crypto space is generally welcoming of newcomers, these audiences are also the most susceptible to scams.
Additionally, a sense of time urgency attached to most NFT projects contributes to this very problem. On top of being a newcomer to web3, many projects urge users to act quickly.
This is a recipe for disaster, where many people don’t take time to vet a project or smart contract carefully.
So, what happened during this Discord NFT hack attempt?
On December 21st, 2021, a hacker or group took control of an admin account on the Discord chat platform. From there, they were able to post messages in various channels, including those belonging to two NFT projects: Monkey Kingdom and Fractal.
Monkey Kingdom is an NFT project powered by the Solana blockchain, which garnered a lot of attention in 2020 for its innovative use of the technology. Fractal is an NFT platform that focuses on gaming and digital art and is also supported on Solana.
Both projects were set to have big NFT drops around the holidays, so the hackers saw an opportunity to take advantage of the excitement around these upcoming events.
Once the hackers had access to the admin accounts, they posted messages in various channels announcing fake, limited-edition NFTs. The NFTs were supposedly only available for a few hours, creating a sense of urgency among users.
The message included a phishing link that would lead users to a website where hackers prompted them to connect their wallets. The users that complied lost all their Solana on that wallet.
In total, the hackers were able to steal over 2 million $SOL from unsuspecting users. The good news is that both projects refunded their followers and bounced back from the attack.
How was this NFT hack attempt even possible?
This attack was possible because the hackers could gain access to web hooks belonging to the Fractal and Monkey Kingdom Discord servers. However, considering the companies were alerted to the attack within an hour after it started, the hackers were lucky to have made off with as much as they did.
Lousy wallet hygiene is the number one reason as to why hacks like this occur. Some that fall victim to these types of attacks have most or all of their Solana in one wallet, which is never a good idea.
The sense of urgency created by the fake NFTs was also why some users fell victim to the attack. The entire space is based on hype and fear of missing out, so it’s not surprising that people act without thinking when they see an opportunity to get their hands on something rare.
How did good wallet hygiene help this user evade the Discord hack?
One informed user, who goes by the name Thomas, avoided the hack entirely. Like many others, he was excited about an unrelated upcoming project after making some new online connections.
Thomas, the founder of a newer DAO called Arrow, held most of his crypto in various ‘cold wallets,’ but he created a new ‘hot wallet’ specifically to keep his ETH safe from any exploits vulnerable to upcoming cryptocurrency projects. As such, he didn’t store all his $ETH in a single wallet – he only put in the new hot wallet what he needed to participate in for the drop.
Heckshine, who may also be going by the name ‘Linh’, is a Discord hacker who remains anonymous. He/she/they posed as an animation and VFX expert who offered services to Thomas to gain his trust. In secret, other intentions were at play.
Heckshine had another ‘project’ for which he offered Thomas early access via an exclusive NFT. All Thomas had to do was connect his wallet, and Heckshine would take care of the rest.
Had Thomas not practiced good crypto wallet hygiene in this instance, he just may have flippantly attached his main cryptocurrency wallet, and lost everything.
After weeks of trust-building, Heckshine finally gave in to pressuring Thomas to attach his main wallet. This set off red flags for Thomas, who had otherwise, found Heckshine to be completely believable as a contributor to his DAO.
At this point, Thomas investigated the smart contract attached to his project-specific wallet, and noticed it actually approved an interaction with the wallet’s staked wrapped Ethereum on the $AAVE protocol! He had major holdings on his main wallet, and so despite being strongly encouraged to involve his main wallet in the new project, he knew better!
Good on him for noticing before erroneously making his major holdings vulnerable.
Congratulations Thomas for minimizing your losses by practicing good crypto wallet hygiene!
Why should I keep multiple crypto wallets?
The answer is simple: security!
It’s never a good idea to store all your crypto in one place. If you do, and you have a substantial cryptocurrency position, you’re more likely to be susceptible to an elaborate crypto caper like the above Discord hack attempt.
Instead, it’s best to keep your crypto in multiple wallets – ‘cold wallets’ for long-term storage and a ‘hot wallets’ for day-to-day transactions. It’s also important to use two-factor authentication whenever possible.
Another benefit of having multiple wallets is that you can use different ones for different purposes. For example, you might want to have a wallet for trading and another for holding your NFTs.
Finally, it’s important to remember that not all wallets are created equal. Some are much more secure than others, so be sure to do your research before choosing one.
The best hardware wallets in cryptocurrency
SecuX is a company that specializes in providing security solutions for managing your cryptocurrency assets. One of their main offerings is a range of hardware wallets, which are also known as cold wallets. These wallets are designed to store your digital assets offline, which makes them much less vulnerable to hacking attempts. They are made from military-grade materials, which means that they are highly durable and resistant to physical damage. With built-in screens, you can easily check your crypto wallet balance and confirm transactions securely. If you want peace of mind when it comes to your cryptocurrency investments, investing in a hardware wallet is a smart choice.
Our most popular cryptocurrency wallet is the SecuX V20. With tamperproof casing and its Infineon Secure Element chip, it is best for advanced digital asset managers who may be hodling a substantial amount of cryptocurrency.
The sleek design evokes luxury and modernity, yet it’s still small enough to fit in your pocket. The hardware is made from high-quality materials, and their wallets support over 1000 coins and tokens.
Now, if you’re an NFT enthusiast or collector, and need to keep your NFTs safe, while having full visibility to any smart contracts against which you are interacting, signing, or anything more, the SecuX Nifty NFT wallet is for you!
The SecuX Nifty is a first-of-its-kind wallet for non-fungible tokens that also includes the military-grade Infineon Secure Element chip, while also boasts a 2.8 inch color touchscreen. Pretty cool!
Remember that keeping your private keys offline is the only way to ensure that your crypto is safe from hackers. If you’re looking for a hardware wallet that is both beautiful and secure, SecuX has you covered.
This Discord hack highlights the importance of keeping good crypto wallet hygiene!
By separating out your day-to-day spending crypto into hot wallets, and locking away your larger savings offline in vault-grade cold storage solutions, you can help protect your assets against the next creative hack.
Stay safe out there!