Illuvium Discord Server Hack: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/illuviumdiscordserverhack.php}} {{Unattributed Sources}} thumb|Illuvium NFT ProjectOn December 31, 2021, Illuvium's Discord server experienced a breach. Hackers gained access to a core contributor's account and inserted a rogue Discord webhook in the #jobs channel. They impersonated an Illuvium bot, promoting a New Year NFT event with a fake website resembling Illuvium's NFT...") |
(Another 30 minutes complete. All sources merged in. Prevention added. Information relocated around.) |
||
| Line 1: | Line 1: | ||
{{ | {{Case Study Under Construction}}[[File:Illuvium.jpg|thumb|Illuvium NFT Project]]On December 31, 2021, Illuvium's Discord server experienced a breach. Hackers gained access to a core contributor's account and inserted a rogue Discord webhook in the #jobs channel. They impersonated an Illuvium bot, promoting a New Year NFT event with a fake website resembling Illuvium's NFT platform. When users authorized the platform to access their wallets, the attacker stole digital assets, resulting in losses of $150,000 from 41 wallets. Illuvium took immediate action by banning compromised accounts, issuing warnings, and revoking unauthorized access. To compensate victims, Illuvium initiated a refund process, allowing affected users to claim their reimbursement by filling out a compensation form. | ||
[[File:Illuvium.jpg|thumb|Illuvium NFT Project]]On December 31, 2021, Illuvium's Discord server experienced a breach. Hackers gained access to a core contributor's account and inserted a rogue Discord webhook in the #jobs channel. They impersonated an Illuvium bot, promoting a New Year NFT event with a fake website resembling Illuvium's NFT platform. When users authorized the platform to access their wallets, the attacker stole digital assets, resulting in losses of $150,000 from 41 wallets. Illuvium took immediate action by banning compromised accounts, issuing warnings, and revoking unauthorized access. To compensate victims, Illuvium initiated a refund process, allowing affected users to claim their reimbursement by filling out a compensation form. | |||
== About Illuvium == | == About Illuvium == | ||
| Line 17: | Line 12: | ||
"Illuvium is a decentralised autonomous organisation (DAO) with a global reach, boasting over 150 dedicated contributors and thousands of empowered token holders. Driven by collaboration, our goal is to provide an unparalleled experience to players, and we’re dedicated to making it happen." | "Illuvium is a decentralised autonomous organisation (DAO) with a global reach, boasting over 150 dedicated contributors and thousands of empowered token holders. Driven by collaboration, our goal is to provide an unparalleled experience to players, and we’re dedicated to making it happen." | ||
" | Homepage: <ref name="illuvium-11790" /> | ||
" | |||
YouTube Video: <ref name="youtube-11791" /> | |||
== The Reality == | == The Reality == | ||
Discord servers are commonly breached. Scammers will typically publish a fraudulent offer on the page to trick subscribers to part with their money. | |||
== What Happened == | == What Happened == | ||
"On the 31st of December 2021, the Illuvium discord server was compromised. Hackers were able to gain access to the account of a core Illuvium contributor. Once they did, they connected a rogue Discord webhook in the #jobs channel. In that channel, were impersonating an Illuvium bot and announcing a New Year NFT stealth mind." | |||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - Illuvium Discord Server Hack | |+Key Event Timeline - Illuvium Discord Server Hack | ||
| Line 70: | Line 29: | ||
|October 30th, 2021 8:45:13 AM MDT | |October 30th, 2021 8:45:13 AM MDT | ||
|Illuvium Gameplay Trailer | |Illuvium Gameplay Trailer | ||
|Illuvium publishes a | |Illuvium publishes a gameplay trailer for their NFTs<ref name="youtube-11791" />. | ||
|- | |- | ||
|December 31st, 2021 3:57:00 AM MST | |December 31st, 2021 3:57:00 AM MST | ||
|Illuvium Warning Tweet | |Illuvium Warning Tweet | ||
|Illuvium shares a warning on their Twitter channel. | |Illuvium shares a warning on their Twitter channel<ref name="illuviumiotwitter-11793" />. This is simply a generic warning about a "rise in scams in our Discord" and requests the community "please DO NOT click any links in the server or in DMs that promise a reward or prize" because they "are always scams". | ||
|- | |- | ||
|December 31st, 2021 4:10:00 AM MST | |December 31st, 2021 4:10:00 AM MST | ||
|Illuvium Update | |Illuvium Update | ||
|Illuvium updates the tweet with confirmation of the attack and additional details about the unfolding situation. | |Illuvium updates the tweet with confirmation of the attack and additional details about the unfolding situation<ref name=":0">[https://twitter.com/illuviumio/status/1476873331462737922 Illuvium - "UPDATE: We are aware that a number of messages were posted to an Illuvium channel from an unverified account. We took immediate action and have removed the ability for the unverified account to post anything further." - Twitter] (Sep 21, 2023)</ref>. | ||
|- | |||
|December 31st, 2021 5:31:00 AM MST | |||
|Scorching Heat Twitter Post | |||
|Illuvium takes a break from the discussion about their recent Discord breach to ask their community if they are "ready for 2022" and provide them the opportunity to "[e]xplore the scorching heat of the Crimson Wastes"<ref name="illuviumiotwitter-11792" />. | |||
|- | |- | ||
|January 31st, 2022 12:04:00 AM MST | |January 31st, 2022 12:04:00 AM MST | ||
|Compensation Form Online | |Compensation Form Online | ||
|The Illuvium team publishes a compensation form for affected users in a Google Doc. | |The Illuvium team publishes a compensation form for affected users in a Google Doc. | ||
|- | |||
|February 1st, 2022 5:47:30 AM MST | |||
|Crypto3DGames Article | |||
|Crypto3DGames publishes an article about reimbursement for the breach<ref name="cryptogames3d-11789" />. | |||
|} | |} | ||
== Technical Details == | == Technical Details == | ||
"On the 31st of December 2021, the Illuvium discord server was compromised. Hackers were able to gain access to the account of a core Illuvium contributor. Once they did, they connected a rogue Discord webhook in the #jobs channel. In that channel, were impersonating an Illuvium bot and announcing a New Year NFT stealth mind." | |||
"In that announcement, they attached a fake website similar to the Illuvium NFT platform. Once a user authorizes the platform to gain access to their wallets, the attacker will steal their digital assets. They were able to steal $150k from 41 wallets. However, Iluuvium believes that not all these wallets are those of the hackers. It believes that some of these wallets are those of the hackers. The game is also advising Illuvians who interacted with smart contract to revoke the site immediately." | |||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost has been estimated at $151,000 USD. | The total amount lost has been estimated at $151,000 USD. | ||
"In that announcement, they attached a fake website similar to the Illuvium NFT platform. Once a user authorizes the platform to gain access to their wallets, the attacker will steal their digital assets. They were able to steal $150k from 41 wallets. However, Iluuvium believes that not all these wallets are those of the hackers. It believes that some of these wallets are those of the hackers. The game is also advising Illuvians who interacted with smart contract to revoke the site immediately." | |||
== Immediate Reactions == | == Immediate Reactions == | ||
The Illuvium team warned the community about the situation on Twitter. | |||
=== Series Of Tweets From Illuvium Team === | |||
Illuvium sent out a tweet to their community to inform them of the breach<ref name="illuviumiotwitter-11793" />.<blockquote>"Illuvium Community, we are seeing a rise in scams in our Discord lately. As a reminder, please DO NOT click any links in the server or in DMs that promise a reward or prize. They are always scams. | |||
More details will be shared soon. But for now, please do not click on any links."</blockquote>This was followed by a further tweet emphasizing the unverified nature of the poster<ref name=":0" />.<blockquote>"UPDATE: We are aware that a number of messages were posted to an Illuvium channel from an unverified account. We took immediate action and have removed the ability for the unverified account to post anything further." | |||
"The team is analysing the situation to ensure we can prevent this kind of post in the future and also to determine if any further actions need to be taken." | |||
"As a reminder, Illuvium will NEVER ask our community to click links in Discord posts. Even if a link appears legitimate, Illuvium will NEVER ask our community to interact in this way. More information will follow after further analysis."</blockquote>"Once Illuvium became aware of this happening, Illuvium banned the compromised accounts. It also sent out warnings to members of its discord server. Their response team revoked the access of these accounts from accessing Illuvium’s internal systems." | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
Illuvium is planning to reimburse funds stolen during a recent hack of its Discord server. The hack occurred on December 31, 2021, when hackers gained access to the account of a core Illuvium contributor and used a rogue Discord webhook to impersonate an Illuvium bot. They announced a New Year NFT stealth drop and attached a fake website resembling the Illuvium NFT platform. Users who authorized the platform to access their wallets had their digital assets stolen, resulting in the loss of $150,000 from 41 wallets.<ref name="cryptogames3d-11789" /> | |||
Illuvium took several security measures to address the hack, including banning compromised accounts, pruning inactive users and bad actors, limiting the ability of new users and bots to see existing users, and revising user and role permissions in the server. Additionally, Illuvium plans to compensate victims by reimbursing the USDT equivalent of the stolen funds directly to their accounts.<ref name="cryptogames3d-11789" /> | |||
Illuvium has provided a Discord Security Incident Compensation Application Form for affected users to recover their funds.<ref name="cryptogames3d-11789" /> | |||
== Total Amount Recovered == | == Total Amount Recovered == | ||
The total amount recovered is unknown. | The total amount recovered is unknown. | ||
"Despite Illuvium’s swift response, the hackers were able to steal $150k from 41 wallets. Following the recovery of their server, they could not recover the stolen funds. In this regard, the game will be refunding the assets stolen during the Illuvium discord server hack." | |||
"As mentioned previously, we will be reimbursing those who lost their funds in the Discord scam that occurred 31st December 2021 PT. All affected users need to complete this form to claim their compensation" | |||
"As part of its “post discord hack prodecures”, Illuvians will receive the USDT equivalent of the stolen funds. This will be done directly to the accounts of the victims. To recover your funds, fill the Illuvium Discord Security Incident Compensation Application Form." | |||
== Ongoing Developments == | == Ongoing Developments == | ||
TBD | |||
== Individual Prevention Policies == | == Individual Prevention Policies == | ||
{{Prevention:Individuals: | {{Prevention:Individuals:Double Check Transactions}} | ||
{{Prevention:Individuals:Safe Smart Contract Usage}} | |||
{{Prevention:Individuals:Store Funds Offline}} | |||
{{Prevention:Individuals:End}} | {{Prevention:Individuals:End}} | ||
== Platform Prevention Policies == | == Platform Prevention Policies == | ||
{{Prevention:Platforms: | {{Prevention:Platforms:Cryptocurrency Safety Quiz}} | ||
{{Prevention:Platforms:Regular Audit Procedures}} | |||
{{Prevention:Platforms:Establish Industry Insurance Fund}} | |||
{{Prevention:Platforms:End}} | {{Prevention:Platforms:End}} | ||
== Regulatory Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators: | {{Prevention:Regulators:Cryptocurrency Education Mandate}} | ||
{{Prevention:Regulators:Platform Security Assessments}} | |||
{{Prevention:Regulators:Establish Industry Insurance Fund}} | |||
{{Prevention:Regulators:End}} | {{Prevention:Regulators:End}} | ||
== References == | == References == | ||
<references><ref name="cryptogames3d-11789">[https://cryptogames3d.com/illuvium-to-reimburse-funds-stolen-during-illuvium-discord-server-hack/ Illuvium to Reimburse Funds Stolen During Illuvium Discord Server Hack - Crypto Games 3D | <references> | ||
<ref name="cryptogames3d-11789">[https://cryptogames3d.com/illuvium-to-reimburse-funds-stolen-during-illuvium-discord-server-hack/ Illuvium to Reimburse Funds Stolen During Illuvium Discord Server Hack - Crypto Games 3D] (Jul 15, 2022)</ref> | |||
<ref name="illuvium-11790">[https://illuvium.io/ Illuvium] (Nov 18, 2022)</ref> | <ref name="illuvium-11790">[https://illuvium.io/ Illuvium Website] (Nov 18, 2022)</ref> | ||
<ref name="youtube-11791">[https://www.youtube.com/watch?v=mzT88eN4gts Illuvium - Gameplay Reveal Trailer | Collectible RPG & Autobattler Game - YouTube] (Sep 15, 2023)</ref> | |||
<ref name="youtube-11791">[https://www.youtube.com/watch?v=mzT88eN4gts Illuvium | <ref name="illuviumiotwitter-11792">[https://twitter.com/illuviumio/status/1476893868859826188 illuvium - "Explore the scorching heat of the Crimson Wastes. Are you ready for 2022?" - Twitter] (Sep 15, 2023)</ref> | ||
<ref name="illuviumiotwitter-11793">[https://twitter.com/illuviumio/status/1476870003760660482 Illuvium - "Illuvium Community, we are seeing a rise in scams in our Discord lately. As a reminder, please DO NOT click any links in the server or in DMs that promise a reward or prize. They are always scams. More details will be shared soon. But for now, please do not click on any links." - Twitter] (Sep 15, 2023)</ref> | |||
<ref name="illuviumiotwitter-11792">[https://twitter.com/illuviumio/status/1476893868859826188 | </references> | ||
<ref name="illuviumiotwitter-11793">[https://twitter.com/illuviumio/status/1476870003760660482 | |||
Latest revision as of 16:53, 21 September 2023
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
On December 31, 2021, Illuvium's Discord server experienced a breach. Hackers gained access to a core contributor's account and inserted a rogue Discord webhook in the #jobs channel. They impersonated an Illuvium bot, promoting a New Year NFT event with a fake website resembling Illuvium's NFT platform. When users authorized the platform to access their wallets, the attacker stole digital assets, resulting in losses of $150,000 from 41 wallets. Illuvium took immediate action by banning compromised accounts, issuing warnings, and revoking unauthorized access. To compensate victims, Illuvium initiated a refund process, allowing affected users to claim their reimbursement by filling out a compensation form.
About Illuvium
"Join the fight for ETH Welcome to the world of Illuvium"
"A decentralised studio building the world’s first Interoperable Blockchain Game (IBG) universe including an open-world exploration game, industrial city builder, and autobattler, all on the Ethereum blockchain.
Join a graphically-rich sci-fi adventure, explore 7 dazzling alien landscapes and conquer the wilderness to uncover the cataclysmic events that shattered Illuvium and help your crash-landed crew flourish!"
"Discover, hunt and capture over 150+ Illuvials, deadly beasts who rule this alien world—each possessing powerful abilities and synergies. Train your Illuvials to increase their power and fuse them together to create ascended forms, as you build the perfect Illuvial team."
"Illuvium is a decentralised autonomous organisation (DAO) with a global reach, boasting over 150 dedicated contributors and thousands of empowered token holders. Driven by collaboration, our goal is to provide an unparalleled experience to players, and we’re dedicated to making it happen."
Homepage: [1]
YouTube Video: [2]
The Reality
Discord servers are commonly breached. Scammers will typically publish a fraudulent offer on the page to trick subscribers to part with their money.
What Happened
"On the 31st of December 2021, the Illuvium discord server was compromised. Hackers were able to gain access to the account of a core Illuvium contributor. Once they did, they connected a rogue Discord webhook in the #jobs channel. In that channel, were impersonating an Illuvium bot and announcing a New Year NFT stealth mind."
| Date | Event | Description |
|---|---|---|
| October 30th, 2021 8:45:13 AM MDT | Illuvium Gameplay Trailer | Illuvium publishes a gameplay trailer for their NFTs[2]. |
| December 31st, 2021 3:57:00 AM MST | Illuvium Warning Tweet | Illuvium shares a warning on their Twitter channel[3]. This is simply a generic warning about a "rise in scams in our Discord" and requests the community "please DO NOT click any links in the server or in DMs that promise a reward or prize" because they "are always scams". |
| December 31st, 2021 4:10:00 AM MST | Illuvium Update | Illuvium updates the tweet with confirmation of the attack and additional details about the unfolding situation[4]. |
| December 31st, 2021 5:31:00 AM MST | Scorching Heat Twitter Post | Illuvium takes a break from the discussion about their recent Discord breach to ask their community if they are "ready for 2022" and provide them the opportunity to "[e]xplore the scorching heat of the Crimson Wastes"[5]. |
| January 31st, 2022 12:04:00 AM MST | Compensation Form Online | The Illuvium team publishes a compensation form for affected users in a Google Doc. |
| February 1st, 2022 5:47:30 AM MST | Crypto3DGames Article | Crypto3DGames publishes an article about reimbursement for the breach[6]. |
Technical Details
"On the 31st of December 2021, the Illuvium discord server was compromised. Hackers were able to gain access to the account of a core Illuvium contributor. Once they did, they connected a rogue Discord webhook in the #jobs channel. In that channel, were impersonating an Illuvium bot and announcing a New Year NFT stealth mind."
"In that announcement, they attached a fake website similar to the Illuvium NFT platform. Once a user authorizes the platform to gain access to their wallets, the attacker will steal their digital assets. They were able to steal $150k from 41 wallets. However, Iluuvium believes that not all these wallets are those of the hackers. It believes that some of these wallets are those of the hackers. The game is also advising Illuvians who interacted with smart contract to revoke the site immediately."
Total Amount Lost
The total amount lost has been estimated at $151,000 USD.
"In that announcement, they attached a fake website similar to the Illuvium NFT platform. Once a user authorizes the platform to gain access to their wallets, the attacker will steal their digital assets. They were able to steal $150k from 41 wallets. However, Iluuvium believes that not all these wallets are those of the hackers. It believes that some of these wallets are those of the hackers. The game is also advising Illuvians who interacted with smart contract to revoke the site immediately."
Immediate Reactions
The Illuvium team warned the community about the situation on Twitter.
Series Of Tweets From Illuvium Team
Illuvium sent out a tweet to their community to inform them of the breach[3].
"Illuvium Community, we are seeing a rise in scams in our Discord lately. As a reminder, please DO NOT click any links in the server or in DMs that promise a reward or prize. They are always scams. More details will be shared soon. But for now, please do not click on any links."
This was followed by a further tweet emphasizing the unverified nature of the poster[4].
"UPDATE: We are aware that a number of messages were posted to an Illuvium channel from an unverified account. We took immediate action and have removed the ability for the unverified account to post anything further."
"The team is analysing the situation to ensure we can prevent this kind of post in the future and also to determine if any further actions need to be taken."
"As a reminder, Illuvium will NEVER ask our community to click links in Discord posts. Even if a link appears legitimate, Illuvium will NEVER ask our community to interact in this way. More information will follow after further analysis."
"Once Illuvium became aware of this happening, Illuvium banned the compromised accounts. It also sent out warnings to members of its discord server. Their response team revoked the access of these accounts from accessing Illuvium’s internal systems."
Ultimate Outcome
Illuvium is planning to reimburse funds stolen during a recent hack of its Discord server. The hack occurred on December 31, 2021, when hackers gained access to the account of a core Illuvium contributor and used a rogue Discord webhook to impersonate an Illuvium bot. They announced a New Year NFT stealth drop and attached a fake website resembling the Illuvium NFT platform. Users who authorized the platform to access their wallets had their digital assets stolen, resulting in the loss of $150,000 from 41 wallets.[6]
Illuvium took several security measures to address the hack, including banning compromised accounts, pruning inactive users and bad actors, limiting the ability of new users and bots to see existing users, and revising user and role permissions in the server. Additionally, Illuvium plans to compensate victims by reimbursing the USDT equivalent of the stolen funds directly to their accounts.[6]
Illuvium has provided a Discord Security Incident Compensation Application Form for affected users to recover their funds.[6]
Total Amount Recovered
The total amount recovered is unknown.
"Despite Illuvium’s swift response, the hackers were able to steal $150k from 41 wallets. Following the recovery of their server, they could not recover the stolen funds. In this regard, the game will be refunding the assets stolen during the Illuvium discord server hack."
"As mentioned previously, we will be reimbursing those who lost their funds in the Discord scam that occurred 31st December 2021 PT. All affected users need to complete this form to claim their compensation"
"As part of its “post discord hack prodecures”, Illuvians will receive the USDT equivalent of the stolen funds. This will be done directly to the accounts of the victims. To recover your funds, fill the Illuvium Discord Security Incident Compensation Application Form."
Ongoing Developments
TBD
Individual Prevention Policies
Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.
Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Illuvium Website (Nov 18, 2022)
- ↑ 2.0 2.1 Illuvium - Gameplay Reveal Trailer | Collectible RPG & Autobattler Game - YouTube (Sep 15, 2023)
- ↑ 3.0 3.1 Illuvium - "Illuvium Community, we are seeing a rise in scams in our Discord lately. As a reminder, please DO NOT click any links in the server or in DMs that promise a reward or prize. They are always scams. More details will be shared soon. But for now, please do not click on any links." - Twitter (Sep 15, 2023)
- ↑ 4.0 4.1 Illuvium - "UPDATE: We are aware that a number of messages were posted to an Illuvium channel from an unverified account. We took immediate action and have removed the ability for the unverified account to post anything further." - Twitter (Sep 21, 2023)
- ↑ illuvium - "Explore the scorching heat of the Crimson Wastes. Are you ready for 2022?" - Twitter (Sep 15, 2023)
- ↑ 6.0 6.1 6.2 6.3 Illuvium to Reimburse Funds Stolen During Illuvium Discord Server Hack - Crypto Games 3D (Jul 15, 2022)