Nyoki Club Discord Hack
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Nyoki Club is a popular set of 2,732 NFT characters. On April 1st, their Discord server was attacked, with a fake link posted promising a cheap mint of 1,000 new Nyoki NFT characters. It is believed that the access token was compromised when one of the Admin accounts used the same token to validate on another Discord serer. It is unknown how many users were affected. Nyoki club has agreed to cover all losses.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16]
About Nyoki Club
"Millions of years ago, Comet Nyoki struck the peak of Mount Fuji… This wasn’t any usual comet but a one of a kind falling star." "Comet Nyoki brought thousands of different and special little species from another universe to Japan. These creatures were named after the comet that crashed down to earth… The Nyokies have lived their secret lives on Mount Fuji for many years, but in current times they are all ready to explore the streets of Tokyo… and eventually the world!"
"Unique, random Nyokies have been created by the founders of Nyoki Club, which include 2,732 characters in 3D and 4K resolution. Nyokies look like big clay modelled bears, have a bulky body, low shoulders, prominent ears, and large vertical eyes." "With nearly endless combinations, all Nyokies are guaranteed to be unique and seamlessly lovely." "Each Nyoki is one-of-a-kind artwork and will be available to be minted on the Ethereum Blockchain from April 10th."
"BlockSecAlert tweeted that Nyoki Club's Discord account was attacked at 6:30 am (UTC) on April 1st. In line with what appears to be an ongoing trend with big NFT projects, the Nyoki Club hackers have been spreading links to fake minting sites."
"Although we were not using the hacked bots in our server, Attackers were able to send a fake mint website as an announcement by using one of the Founder's access tokens. We believe the token was recorded while founder was verifying himself in a different server."
"We've decided to roll out public minting for 1,000 Nyokie NFTs up for mint as a thank you to all your guys' support." "As the Nyoki family, we always follow and support one another. Thank you to every one of you for your hard work and participation within this project."
"Hackers are mainly posing a fake phishing scam using the Discord Bot to disguise the fake links as legitimate new offerings. Vice confirmed that the link links users to two crypto wallets, such as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan, and that both wallets have experience extensive activity over the past few days as the hackers try to launder their stolen cryptocurrency."
"Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs. If users take users to legitimate NFT sites, the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains."
"Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack. We have taken everything under control in less than 30 minutes."
"We've tracked the transactions and confirmed that some of the members got scammed during the incident. Nothing to worry about, we are in contact with victims, and losses will be covered by Nyoki Club."
"Users are advised to stay alert at this time and refrain from clicking suspicious links posted on Discord servers." "Please deauthorize http://Captcha.bot from your discord account if you haven't already."
While Ticket Tool has not released an official announcement, they did offer this explanation: "A recent update I made to the add command had a bug allowing for some type of permission exploit. I've reverted the update to the previous uncompromised version and will be looking into exactly how this happened. The bot itself is not compromised beyond a very unfortunate bug."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| April 1st, 2022 12:32:00 AM MDT | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The total amount lost is unknown.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
It is recommended to be extremely cautious of any links posted on Discord, given the repeated hacks of the platform. Users need to be cautious with any posted links. Always check any communication against multiple official sources of a project.
Platforms should be extremely cautious regarding the permissions which are granted via Discord, and limit the access levels to critical functionality. Discord should improve their security and offer multi-signature permissions for key functions. Ideally, public groups should be managed from an exclusive account which isn't used for anything else.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ [ttps://chubk.com/bored-ape-yacht-club-bayc-officially-confirmed-the-projects-discord-channel-has-been-hacked/ ttps://chubk.com/bored-ape-yacht-club-bayc-officially-confirmed-the-projects-discord-channel-has-been-hacked/] (Jun 19, 2022)
- ↑ Home - Nyoki Club (Jul 14, 2022)
- ↑ FAQ - Nyoki Club (Jul 14, 2022)
- ↑ Why Nyoki Club is Here to Shake the World of NFTs (Jul 14, 2022)
- ↑ Why Nyoki Club is Here to Shake the World of NFTs | News Direct (Jul 14, 2022)
- ↑ The NFT Discord Channels are Attacked By Hackers, who seek to gain traction in Cryptocurrency - Game News 24 (Jul 16, 2022)
- ↑ Nyoki Club Discord account hacked, scammers spreading links to fake minting sites - Aliens: AI Crypto News & Markets Updates (Jul 16, 2022)
- ↑ Warning: Hackers Are Targeting Discord Bots to Rob NFT Users (Jul 16, 2022)
- ↑ BAYC, Nyoki, Shamanz and other NFT projects suffer Discord hack (Jul 17, 2022)
- ↑ Several huge NFT Discords hacked by scam attacks | TechRadar (Jul 17, 2022)
- ↑ Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers (Jul 17, 2022)
- ↑ https://etherscan.io/address/0xad7f0a2427f93bc8fc178a73ae0d2d188682884f (Jun 20, 2022)
- ↑ https://etherscan.io/address/0x82b9d87ffd80449ca96ec67c19f5d0631b18d5db (Jul 13, 2022)
- ↑ @Serpent Twitter (Jul 17, 2022)
- ↑ @Ticket_Tool Twitter (Jul 17, 2022)
- ↑ @zachxbt Twitter (Jul 17, 2022)