MaskByte Discord Hacked

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

MaskByte

The MaskByte NFT project had a new concept of NFTs which are guaranteed to be backed by a certain level of ETH, giving them a floor price. Prior to the project launching, the discord channel was attacked. The attacker posted a message about their "stealth launch" and instructed people to use maskbyte.net to complete the minting. Anyone who participated simply gave their funds to the attacker. The MaskByte developer (one person) has been working to reimburse all affected users, however it's unclear if this process has been completed 100% yet.

This is a global/international case not involving a specific country.

About MaskByte

"Mask Byte is an NFT that is created to be fully liquid and to begin a change in the NFT community, implementing liquidity into an ill-liquidable asset. Maskbyte will incentivize holding onto each NFT by allowing secondary sales to be added to a token which can be redeemed as a passive income."

"Maskbyte will be the first NFT that will be fully liquidable with its novel tokenomics. It will show what’s possible with interactions between the ERC-20 and ERC-721 protocols. The NFT will allow full liquidity of a unliquidable asset, something that has never been done before. So there is no risk involved! Tl;dr: There will only ever be 1,000 Genesis, minted for 1.0 ETH each. The 10,000 Gen 2 are minted by farming $BitByte Mask Byte can be staked in the Factory to earn $BitByte and pay a tax anytime they claim their $BitByte earnings. If a Maskbyte is unstaked from the liquidity pool, the accumulated $BitByte will be distributed to the other Maskbytes in the liquidity pool. The NFT is fully liquidity so you can sell it to the liquidity pool at any given time. Secondary sales made through the $BitByte will go through the liquidity pool and the individuals holding the NFT will be able receive $BitByte which will be able to be redeemed over a period of time."

"After dealing with the issues with ill-liquidity, I wanted to solve the problem of ill-liquidability and make a NFT that is fully liquid and is able to be sold at any given time." "The floor price of the NFT will be static at 1 ETH, the secondary sales will generate passive income passive income explanation; When someone buys the NFT, every HODL owner get some income, the ratio is based on perhaps the rarity of the NFT. For example person A tells person B to purchase the NFT. Person B purchases the NFT. All holders of the NFT receives a %’s of the purchased NFT so, Maskbyte Owners can promote sales and they instantly gain income! Hyping the NFT up will essentially get you money! When someone buys the NFT, some amount of money is added into the pool, and every fixed amount of time every NFT owner will receive a predetermined amount of income, Owners can assume that they will receive no less than expected fund, as long as the pool has liquidity."

"OCT 17th MaskByte's Discord was hacked w/ WebHooks." "The scammer used a Webhook to create a URL to send msgs to the Discord."

"We have decided to do a stealth mint for MaskByte due to the amazing support of our community! We hope everyone has a fair chance at minting. There is a limited amount of 10,000 MaskByte NFTs that are able to be minted and the mint price is 0.1 ETH. To mint your NFT, please follow the link below. (DO NOT USE ANY OTHER LINK, ALL OTHERS ARE FAKE!!!!)"

"Creat[ur]eToadz wasn't the first to get hacked this way. IMX Bears, MaskByte were targeted before Toadz. NBA topshots was targeted the same day as Creat[ur]eToadz."

"NBA Topshots, MaskByte, and other NFT discord projects were compromised in a similar fashion."

"Phantom Galaxies NFT did not compensation and the[ir] parent company is worth over 1.1 billion."

"I compensated out of pocket and I'm a single individual."

"Thank you for doing this."

"Only half the compensation has been paid out so far. I feel it’s quite bad you’re tweeting about like you’ve paid all of it."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

• Known history of when and how the service was started.
• What problems does the company or service claim to solve?
• What marketing materials were used by the firm or business?
• Audits performed, and excerpts that may have been included.
• Business registration documents shown (fake or legitimate).
• How were people recruited to participate?
• Public warnings and announcements prior to the event.

Don't Include:

• Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
• Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

• When the service was actually started (if different than the "official story").
• Who actually ran a service and their own personal history.
• How the service was structured behind the scenes. (For example, there was no "trading bot".)
• Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

Never click links directly from a discord channel. Always go through the official website.

Projects need to pick their moderator teams with care, train them, and not give them any unnecessary permission levels. Greater education for all new investors would help reduce the risks of similar attacks.

References

No Title (Jan 10)

@NFTherder Twitter (Jan 27)

@NFTherder Twitter (Jan 27)

@MaskByteNFT Twitter (Feb 1)

@MaskByteNFT Twitter (Feb 2)

maskbyte (@MaskByteNFT) | Twitter (Feb 2)

Maskbyte NFT (Feb 2)

MaskByte the next big hit of NFT creating and passive income mechanism you are still in time to get a WL spot!!!!!!! : NFT (Feb 2)

Maskbyte (Feb 2)

https://opensea.io/collection/maskbyte (Feb 2)

I recorded the Hacking of the Maskbyte discord server.Я записал взлом сервера MaskByte #SaveMaskByte - YouTube (Feb 2)

Redlion News (Feb 1)