Shamanzs Discord Hack: Difference between revisions
No edit summary |
(Initial 30 minutes completed.) |
||
| Line 1: | Line 1: | ||
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/shamanzsdiscordhack.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/shamanzsdiscordhack.php}}[[File:Shamanzs.jpg|thumb|Shamanzs]]Shamanzs NFT Discord included the third party Ticket Tool plug-in, which was either malicious or exploited by a third party to post malicious links on the discord channel. The malicious link took users to a fake minting page, where they could generously donate their money to the hacker if they didn't have an interest in verifying the smart contract address. Multiple users were scammed, and it doesn't seem like the project did anything to assist victims. Proceeds were mixed with TornadoCash. | ||
== About Shamanzs == | |||
<ref name="shamanzs-8529" /><ref name="nftdroops-8530" /> | |||
"Barcelona based award-winning design studio Brosmind, is led by brothers Juan and Alejandro." "Shamanzs is an original collection of 9898 programmatically and randomly generated NFTs on the Ethereum blockchain. Hundreds of traits have been drawn by hand, to create a vast array of high quality and unique loving characters." "Mint Date: May 19[, 2022]" | "Barcelona based award-winning design studio Brosmind, is led by brothers Juan and Alejandro." "Shamanzs is an original collection of 9898 programmatically and randomly generated NFTs on the Ethereum blockchain. Hundreds of traits have been drawn by hand, to create a vast array of high quality and unique loving characters." "Mint Date: May 19[, 2022]" | ||
| Line 59: | Line 56: | ||
|- | |- | ||
|April 1st, 2022 12:10:00 AM MDT | |April 1st, 2022 12:10:00 AM MDT | ||
| | |ZachXBT Reports Attack | ||
| | |Twitter user ZachXBT reports that the Shamanz Discord is also attacked<ref name="zachxbttwitter-8538" />. The funds are being sent to Fake_Phishing5519<ref name="zachxbttwitter-8538" /><ref name="etherscan-81362">[https://etherscan.io/address/0xad7f0a2427f93bc8fc178a73ae0d2d188682884f Fake_Phishing5519 Wallet - Etherscan] (Jun 20, 2022)</ref>. | ||
|- | |||
|April 1st, 2022 12:56:24 AM MDT | |||
|Shamanz Report On Twitter | |||
|Shamanz posts a response on Twitter<ref name=":0">[https://web.archive.org/web/20220401065624/https://twitter.com/shamanzs/status/1509786742953496581 Shamanz - "We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private." - Twitter Archive April 1st, 2022 12:56:24 AM MDT]" (Apr 21, 2023)</ref> indicating that they "acted fast"<ref name="shamanzstwitter-8535" />. | |||
|- | |||
|April 1st, 2022 12:35:00 PM MDT | |||
|Vice News Article Published | |||
|Vice News publishes an article on the situation<ref>[https://web.archive.org/web/20220401184001/https://www.vice.com/en/article/n7nywg/bored-ape-yacht-club-other-major-nft-project-discords-hacked-by-scammers Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers - Vice News Archive April 1st, 2022 12:40:01 PM MDT] (Apr 21, 2023)</ref>, which includes that the Discord channels of platforms including Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz were all hacked. It provides an excerpt of some of the phishing posts, some basic blockchain analysis, and mention of some other Discord attacks<ref name="vice-85282">[https://www.vice.com/en/article/n7nywg/bored-ape-yacht-club-other-major-nft-project-discords-hacked-by-scammers Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers - Vice] (Jul 17, 2022)</ref>. | |||
|- | |||
|April 1st, 2022 12:46:00 AM MDT | |||
|Serpent Reports Ticket Tool Hack | |||
|Twitter user Serpent (formerly SerpentAU) makes another post that it's "100% CONFIRMED" that "TICKET TOOL IS HACKED" along with screenshots of an "AUDIT LOG FROM DOODLES & SHAMANZS"<ref>[https://twitter.com/Serpent/status/1509784187154628614 Serpent - "TICKET TOOL IS HACKED" - Twitter] (Apr 19, 2023)</ref><ref>[https://web.archive.org/web/20220401071905/https://twitter.com/SerpentAU/status/1509784187154628614 SerpentAU - "TICKET TOOL IS HACKED" - Twitter Archive April 1st, 2022 1:19:05 AM MDT] (Apr 19, 2023)</ref>. | |||
|- | |||
|April 1st, 2022 1:34:00 AM MDT | |||
|Ticket Tool Posts Tweet | |||
|Ticket Tool posts an update Tweet that the problem was a recent update that "had a bug allowing for some type of permission exploit". The developer reported that he "reverted the update to the previous uncompromised version and will be looking into exactly how this happened"<ref name="tickettooltwitter-85372">[https://twitter.com/Ticket_Tool/status/1509796229047275559 Ticket_Tool - "A recent update I made to the add command had a bug allowing for some type of permission exploit.." - Twitter] (Jul 17, 2022)</ref>. | |||
|- | |||
|April 2nd, 2022 9:12:00 AM MDT | |||
|Serpent Requesting Code Inspection | |||
|Serpent requests to be unbanned from the Ticket Tool discord and that he be allowed to look at the source code to get more information<ref>[https://twitter.com/Serpent/status/1510274086819180547 Serpent - "can you unban me from the discord? ... I would like to look at the code to see what happened." - Twitter] (Apr 21, 2023)</ref>. His Tweet does not appear to have ever been responded to. | |||
|- | |||
|April 2nd, 2022 5:23:48 PM MDT | |||
|CryptoHubK Article Published | |||
|CryptoHubK published a summary of the situation. It is reported that hackers gained access to the Discord of Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club. The article included the PeckShield alert. Some information is later included on the Doodle NFT Discord attack, and the suggestion that this was responsible for the loss of Jay Chou's BAYC #3738. The article also includes general information on other Discord hacks, however it appears to incorrectly state the dates as March 1st for other attacks<ref name="chubk-81283">[https://chubk.com/bored-ape-yacht-club-bayc-officially-confirmed-the-projects-discord-channel-has-been-hacked/ Bored Ape Yacht Club (BAYC) officially confirmed the project's Discord channel has been hacked - CryptoHubK] (Jun 19, 2022)</ref>. | |||
|- | |||
|April 4th, 2022 10:39:11 AM MDT | |||
|Tech Radar Article Published | |||
|TechRadar publishes an article on the situation<ref>[https://web.archive.org/web/20220405033911/https://www.techradar.com/news/several-huge-nft-discords-hacked-by-scam-attacks Several huge NFT Discords hacked by scam attacks - TechRadar Archive April 4th, 2022 9:39:11 PM MDT] (Apr 21, 2023)</ref>. It includes Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz. An example of the phishing tweet on Bored Ape Yacht Club is provided, as well as the response by Noyki Club. It gives some background on the NFT minting process, and mentions that all projects were quick to react to the situation. Information about the wallets were also included<ref name="techradar-8534" />. | |||
|- | |||
|April 4th, 2022 10:48:00 AM MDT | |||
|Candid Technology Article Published | |||
|Candid Technology publishes an article on the situation. The article mentions Bored Ape Yacht Club, Nyoki, and Shamanzs as victims, as well as referencing attacks on Doodles and Kaiju Kingz as reported by ZachXBT. The reactions by platforms Nyoki Club and Bored Ape Yacht Club were included, as well as wallet addresses Fake_Phishing5519 and Fake_Phishing5520 and some of the attempts at mixing the proceeds<ref name="candidtechnology-8533" />. | |||
|- | |||
|April 4th, 2022 | |||
|Game News 24 Article Published | |||
|Game News 24 publishes an article that "Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs" and that "the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains"<ref name="gamenews24-8531" />. | |||
|- | |||
|April 8th, 2022 12:11:23 PM MDT | |||
|NFTNow Article Published | |||
|NFTNow publishes an article on the situation<ref>[https://web.archive.org/web/20220408181123/https://nftnow.com/news/warning-hackers-are-targeting-discord-bots-to-rob-nft-users/ Warning: Hackers Are Targeting Discord Bots to Rob Nft Users - NFTNow Archive April 8th, 2022 12:11:23 PM MDT] (Apr 21, 2023)</ref>. It mentions Bored Ape Yacht Club, Shamanz, and Nyoki Club as the projects with their Discord channels attacked. Fake NFT links are included, and a specific quote of the announcements for Nyoki Club. Background on the funds, wallets, and some history of Discord attacks is also included in the article<ref name="nftnow-8532" />. | |||
|- | |- | ||
| | | | ||
| Line 69: | Line 106: | ||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost is unknown. | The total amount lost is unknown. | ||
Attackers wallet is reportedly included FakePhishing_5519<ref name="etherscan-81362" /> and FakePhishing_5520<ref name="etherscan-8490" />. | |||
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | ||
| Line 74: | Line 113: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | ||
=== Shamanz Twitter Post === | |||
Shamanz posted on Twitter<ref name=":0" />.<blockquote>We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private.</blockquote> | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
| Line 105: | Line 147: | ||
== References == | == References == | ||
<references><ref name="chubk-8128">[https://chubk.com/bored-ape-yacht-club-bayc-officially-confirmed-the-projects-discord-channel-has-been-hacked/ Bored Ape Yacht Club (BAYC) officially confirmed the project's Discord channel has been hacked - CryptoHubK] (Jun 19, 2022)</ref> | <references> | ||
<ref name="chubk-8128">[https://chubk.com/bored-ape-yacht-club-bayc-officially-confirmed-the-projects-discord-channel-has-been-hacked/ Bored Ape Yacht Club (BAYC) officially confirmed the project's Discord channel has been hacked - CryptoHubK] (Jun 19, 2022)</ref> | |||
<ref name="shamanzs-8529">[https://shamanzs.com/ Shamanzs NFT - The Ones Who Know] (Jul 14, 2022)</ref> | <ref name="shamanzs-8529">[https://shamanzs.com/ Shamanzs NFT - The Ones Who Know] (Jul 14, 2022)</ref> | ||
<ref name="nftdroops-8530">[https://nftdroops.com/nft/shamanzs/ Shamanzs NFT – NFTdroops] (Jul 14, 2022)</ref> | <ref name="nftdroops-8530">[https://nftdroops.com/nft/shamanzs/ Shamanzs NFT – NFTdroops] (Jul 14, 2022)</ref> | ||
<ref name="gamenews24-8531">[https://game-news24.com/2022/04/04/the-nft-discord-channels-are-attacked-by-hackers-who-seek-to-gain-traction-in-cryptocurrency/ The NFT Discord Channels are Attacked By Hackers, who seek to gain traction in Cryptocurrency - Game News 24] (Jul 16, 2022)</ref> | <ref name="gamenews24-8531">[https://game-news24.com/2022/04/04/the-nft-discord-channels-are-attacked-by-hackers-who-seek-to-gain-traction-in-cryptocurrency/ The NFT Discord Channels are Attacked By Hackers, who seek to gain traction in Cryptocurrency - Game News 24] (Jul 16, 2022)</ref> | ||
<ref name="nftnow-8532">[https://nftnow.com/news/warning-hackers-are-targeting-discord-bots-to-rob-nft-users/ Warning: Hackers Are Targeting Discord Bots to Rob NFT Users - NFTNow] (Jul 16, 2022)</ref> | |||
<ref name="nftnow-8532">[https://nftnow.com/news/warning-hackers-are-targeting-discord-bots-to-rob-nft-users/ Warning: Hackers Are Targeting Discord Bots to Rob NFT Users] (Jul 16, 2022)</ref> | <ref name="candidtechnology-8533">[https://candid.technology/nft-discord-hack-scam-bayc-nyoki-shamanz/ BAYC, Nyoki, Shamanz and other NFT projects suffer Discord hack - Candid Technology] (Jul 17, 2022)</ref> | ||
<ref name="techradar-8534">[https://www.techradar.com/news/several-huge-nft-discords-hacked-by-scam-attacks Several huge NFT Discords hacked by scam attacks - TechRadar] (Jul 17, 2022)</ref> | |||
<ref name="candidtechnology-8533">[https://candid.technology/nft-discord-hack-scam-bayc-nyoki-shamanz/ BAYC, Nyoki, Shamanz and other NFT projects suffer Discord hack] (Jul 17, 2022)</ref> | |||
<ref name="techradar-8534">[https://www.techradar.com/news/several-huge-nft-discords-hacked-by-scam-attacks Several huge NFT Discords hacked by scam attacks | |||
<ref name="vice-8528">[https://www.vice.com/en/article/n7nywg/bored-ape-yacht-club-other-major-nft-project-discords-hacked-by-scammers Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers] (Jul 17, 2022)</ref> | <ref name="vice-8528">[https://www.vice.com/en/article/n7nywg/bored-ape-yacht-club-other-major-nft-project-discords-hacked-by-scammers Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers] (Jul 17, 2022)</ref> | ||
<ref name="etherscan-8136">https://etherscan.io/address/0xad7f0a2427f93bc8fc178a73ae0d2d188682884f (Jun 20, 2022)</ref> | |||
<ref name="etherscan-8136"> | <ref name="etherscan-8490">[https://etherscan.io/address/0x82b9d87ffd80449ca96ec67c19f5d0631b18d5db Fake_Phishing5520 Wallet - Etherscan] (Jul 13, 2022)</ref> | ||
<ref name="shamanzstwitter-8535">[https://web.archive.org/web/20220401065639/https://twitter.com/shamanzs/status/1509786742953496581 shamanzs - "We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private." - Twitter Archive April 1st, 2022 12:56:39 AM MDT] (Jul 17, 2022)</ref> | |||
<ref name="etherscan-8490">[https://etherscan.io/address/0x82b9d87ffd80449ca96ec67c19f5d0631b18d5db | |||
<ref name="shamanzstwitter-8535">[https://twitter.com/shamanzs/status/1509786742953496581 | |||
<ref name="serpenttwitter-8536">[https://twitter.com/Serpent/status/1509784187154628614 @Serpent Twitter] (Jul 17, 2022)</ref> | <ref name="serpenttwitter-8536">[https://twitter.com/Serpent/status/1509784187154628614 @Serpent Twitter] (Jul 17, 2022)</ref> | ||
<ref name="tickettooltwitter-8537">[https://twitter.com/Ticket_Tool/status/1509796229047275559 @Ticket_Tool Twitter] (Jul 17, 2022)</ref> | <ref name="tickettooltwitter-8537">[https://twitter.com/Ticket_Tool/status/1509796229047275559 @Ticket_Tool Twitter] (Jul 17, 2022)</ref> | ||
<ref name="zachxbttwitter-8538">[https://twitter.com/zachxbt/status/1509775311751286784 zachxbt - "Shamanzs Discord hacked too." - Twitter] (Jul 17, 2022)</ref> | |||
<ref name="zachxbttwitter-8538">[https://twitter.com/zachxbt/status/1509775311751286784 | </references> | ||
Revision as of 15:51, 21 April 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Shamanzs NFT Discord included the third party Ticket Tool plug-in, which was either malicious or exploited by a third party to post malicious links on the discord channel. The malicious link took users to a fake minting page, where they could generously donate their money to the hacker if they didn't have an interest in verifying the smart contract address. Multiple users were scammed, and it doesn't seem like the project did anything to assist victims. Proceeds were mixed with TornadoCash.
About Shamanzs
"Barcelona based award-winning design studio Brosmind, is led by brothers Juan and Alejandro." "Shamanzs is an original collection of 9898 programmatically and randomly generated NFTs on the Ethereum blockchain. Hundreds of traits have been drawn by hand, to create a vast array of high quality and unique loving characters." "Mint Date: May 19[, 2022]"
"The wisest Monkzs, Sadhuzs, Godzs and Guruzs on spiritual land, no matter which ancient religion they belong to, are secretly joining forces to create a powerful unified legion. Their goal is to spread love and good vibezs to erase bad energies from mother Earth for once. A new army of Shamanzs is secretly emerging, and the largest community of followerzs ever seen, is about to enlighten the whole metaverse with limitless positive energy." "Leaders from different tribes, beliefs, religions, backgrounds and natures are fusing in an evolved and upgraded version; self-proclaimed as SHAMANZS."
"Also in the afternoon of March 1st. A number of other famous NFT projects were also hacked by Discord in a similar way, including Doodles, Shamanzs and Nyoki."
"Hackers are mainly posing a fake phishing scam using the Discord Bot to disguise the fake links as legitimate new offerings. Vice confirmed that the link links users to two crypto wallets, such as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan, and that both wallets have experience extensive activity over the past few days as the hackers try to launder their stolen cryptocurrency."
"The first account obtained one NFT, sold it, and sent almost 20 ETH to the second wallet. The second one then sent more than 60 ETH to a mixing service, to “launder” the tokens. After that, the second wallet sent .6 ETH to two addresses - one inactive, and one with more than 1,400 ETH, and more than 6 million Tether coins."
"Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs. If users take users to legitimate NFT sites, the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains."
"We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private."
While Ticket Tool has not released an official announcement, they did offer this explanation: "A recent update I made to the add command had a bug allowing for some type of permission exploit. I've reverted the update to the previous uncompromised version and will be looking into exactly how this happened. The bot itself is not compromised beyond a very unfortunate bug."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| April 1st, 2022 12:10:00 AM MDT | ZachXBT Reports Attack | Twitter user ZachXBT reports that the Shamanz Discord is also attacked[3]. The funds are being sent to Fake_Phishing5519[3][4]. |
| April 1st, 2022 12:56:24 AM MDT | Shamanz Report On Twitter | Shamanz posts a response on Twitter[5] indicating that they "acted fast"[6]. |
| April 1st, 2022 12:35:00 PM MDT | Vice News Article Published | Vice News publishes an article on the situation[7], which includes that the Discord channels of platforms including Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz were all hacked. It provides an excerpt of some of the phishing posts, some basic blockchain analysis, and mention of some other Discord attacks[8]. |
| April 1st, 2022 12:46:00 AM MDT | Serpent Reports Ticket Tool Hack | Twitter user Serpent (formerly SerpentAU) makes another post that it's "100% CONFIRMED" that "TICKET TOOL IS HACKED" along with screenshots of an "AUDIT LOG FROM DOODLES & SHAMANZS"[9][10]. |
| April 1st, 2022 1:34:00 AM MDT | Ticket Tool Posts Tweet | Ticket Tool posts an update Tweet that the problem was a recent update that "had a bug allowing for some type of permission exploit". The developer reported that he "reverted the update to the previous uncompromised version and will be looking into exactly how this happened"[11]. |
| April 2nd, 2022 9:12:00 AM MDT | Serpent Requesting Code Inspection | Serpent requests to be unbanned from the Ticket Tool discord and that he be allowed to look at the source code to get more information[12]. His Tweet does not appear to have ever been responded to. |
| April 2nd, 2022 5:23:48 PM MDT | CryptoHubK Article Published | CryptoHubK published a summary of the situation. It is reported that hackers gained access to the Discord of Bored Ape Yacht Club, Mutant Ape Yacht Club, and Mutant Ape Kennel Club. The article included the PeckShield alert. Some information is later included on the Doodle NFT Discord attack, and the suggestion that this was responsible for the loss of Jay Chou's BAYC #3738. The article also includes general information on other Discord hacks, however it appears to incorrectly state the dates as March 1st for other attacks[13]. |
| April 4th, 2022 10:39:11 AM MDT | Tech Radar Article Published | TechRadar publishes an article on the situation[14]. It includes Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz. An example of the phishing tweet on Bored Ape Yacht Club is provided, as well as the response by Noyki Club. It gives some background on the NFT minting process, and mentions that all projects were quick to react to the situation. Information about the wallets were also included[15]. |
| April 4th, 2022 10:48:00 AM MDT | Candid Technology Article Published | Candid Technology publishes an article on the situation. The article mentions Bored Ape Yacht Club, Nyoki, and Shamanzs as victims, as well as referencing attacks on Doodles and Kaiju Kingz as reported by ZachXBT. The reactions by platforms Nyoki Club and Bored Ape Yacht Club were included, as well as wallet addresses Fake_Phishing5519 and Fake_Phishing5520 and some of the attempts at mixing the proceeds[16]. |
| April 4th, 2022 | Game News 24 Article Published | Game News 24 publishes an article that "Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs" and that "the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains"[17]. |
| April 8th, 2022 12:11:23 PM MDT | NFTNow Article Published | NFTNow publishes an article on the situation[18]. It mentions Bored Ape Yacht Club, Shamanz, and Nyoki Club as the projects with their Discord channels attacked. Fake NFT links are included, and a specific quote of the announcements for Nyoki Club. Background on the funds, wallets, and some history of Discord attacks is also included in the article[19]. |
Total Amount Lost
The total amount lost is unknown.
Attackers wallet is reportedly included FakePhishing_5519[4] and FakePhishing_5520[20].
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Shamanz Twitter Post
Shamanz posted on Twitter[5].
We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private.
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
It is recommended to be extremely cautious of any links posted on Discord, given the repeated hacks of the platform. Users need to be cautious with any posted links. Always check any communication against multiple official sources of a project.
Platforms should be extremely cautious regarding the permissions which are granted via Discord, and limit the access levels to critical functionality. Discord should improve their security and offer multi-signature permissions for key functions. Ideally, public groups should be managed from an exclusive account which isn't used for anything else.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Shamanzs NFT - The Ones Who Know (Jul 14, 2022)
- ↑ Shamanzs NFT – NFTdroops (Jul 14, 2022)
- ↑ 3.0 3.1 zachxbt - "Shamanzs Discord hacked too." - Twitter (Jul 17, 2022)
- ↑ 4.0 4.1 Fake_Phishing5519 Wallet - Etherscan (Jun 20, 2022)
- ↑ 5.0 5.1 Shamanz - "We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private." - Twitter Archive April 1st, 2022 12:56:24 AM MDT" (Apr 21, 2023)
- ↑ shamanzs - "We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private." - Twitter Archive April 1st, 2022 12:56:39 AM MDT (Jul 17, 2022)
- ↑ Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers - Vice News Archive April 1st, 2022 12:40:01 PM MDT (Apr 21, 2023)
- ↑ Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers - Vice (Jul 17, 2022)
- ↑ Serpent - "TICKET TOOL IS HACKED" - Twitter (Apr 19, 2023)
- ↑ SerpentAU - "TICKET TOOL IS HACKED" - Twitter Archive April 1st, 2022 1:19:05 AM MDT (Apr 19, 2023)
- ↑ Ticket_Tool - "A recent update I made to the add command had a bug allowing for some type of permission exploit.." - Twitter (Jul 17, 2022)
- ↑ Serpent - "can you unban me from the discord? ... I would like to look at the code to see what happened." - Twitter (Apr 21, 2023)
- ↑ Bored Ape Yacht Club (BAYC) officially confirmed the project's Discord channel has been hacked - CryptoHubK (Jun 19, 2022)
- ↑ Several huge NFT Discords hacked by scam attacks - TechRadar Archive April 4th, 2022 9:39:11 PM MDT (Apr 21, 2023)
- ↑ Several huge NFT Discords hacked by scam attacks - TechRadar (Jul 17, 2022)
- ↑ BAYC, Nyoki, Shamanz and other NFT projects suffer Discord hack - Candid Technology (Jul 17, 2022)
- ↑ The NFT Discord Channels are Attacked By Hackers, who seek to gain traction in Cryptocurrency - Game News 24 (Jul 16, 2022)
- ↑ Warning: Hackers Are Targeting Discord Bots to Rob Nft Users - NFTNow Archive April 8th, 2022 12:11:23 PM MDT (Apr 21, 2023)
- ↑ Warning: Hackers Are Targeting Discord Bots to Rob NFT Users - NFTNow (Jul 16, 2022)
- ↑ Fake_Phishing5520 Wallet - Etherscan (Jul 13, 2022)
Cite error: <ref> tag with name "chubk-8128" defined in <references> is not used in prior text.
Cite error: <ref> tag with name "vice-8528" defined in <references> is not used in prior text.
Cite error: <ref> tag with name "etherscan-8136" defined in <references> is not used in prior text.
Cite error: <ref> tag with name "serpenttwitter-8536" defined in <references> is not used in prior text.
Cite error: <ref> tag with name "tickettooltwitter-8537" defined in <references> is not used in prior text.