Shamanzs Discord Hack
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Shamanzs NFT Discord included the third party Ticket Tool plug-in, which was either malicious or exploited by a third party to post malicious links on the discord channel. The malicious link took users to a fake minting page, where they could generously donate their money to the hacker if they didn't have an interest in verifying the smart contract address. Multiple users were scammed, and it doesn't seem like the project did anything to assist victims. Proceeds were mixed with TornadoCash.
This is a global/international case not involving a specific country.
About Shamanzs
"Barcelona based award-winning design studio Brosmind, is led by brothers Juan and Alejandro." "Shamanzs is an original collection of 9898 programmatically and randomly generated NFTs on the Ethereum blockchain. Hundreds of traits have been drawn by hand, to create a vast array of high quality and unique loving characters." "Mint Date: May 19[, 2022]"
"The wisest Monkzs, Sadhuzs, Godzs and Guruzs on spiritual land, no matter which ancient religion they belong to, are secretly joining forces to create a powerful unified legion. Their goal is to spread love and good vibezs to erase bad energies from mother Earth for once. A new army of Shamanzs is secretly emerging, and the largest community of followerzs ever seen, is about to enlighten the whole metaverse with limitless positive energy." "Leaders from different tribes, beliefs, religions, backgrounds and natures are fusing in an evolved and upgraded version; self-proclaimed as SHAMANZS."
"Also in the afternoon of March 1st. A number of other famous NFT projects were also hacked by Discord in a similar way, including Doodles, Shamanzs and Nyoki."
"Hackers are mainly posing a fake phishing scam using the Discord Bot to disguise the fake links as legitimate new offerings. Vice confirmed that the link links users to two crypto wallets, such as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan, and that both wallets have experience extensive activity over the past few days as the hackers try to launder their stolen cryptocurrency."
"The first account obtained one NFT, sold it, and sent almost 20 ETH to the second wallet. The second one then sent more than 60 ETH to a mixing service, to “launder” the tokens. After that, the second wallet sent .6 ETH to two addresses - one inactive, and one with more than 1,400 ETH, and more than 6 million Tether coins."
"Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs. If users take users to legitimate NFT sites, the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains."
"We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from you server if you haven’t yet. We made our DC private."
While Ticket Tool has not released an official announcement, they did offer this explanation: "A recent update I made to the add command had a bug allowing for some type of permission exploit. I've reverted the update to the previous uncompromised version and will be looking into exactly how this happened. The bot itself is not compromised beyond a very unfortunate bug."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| April 1st, 2022 12:10:00 AM | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The total amount lost is unknown.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Prevention Policies
It is recommended to be extremely cautious of any links posted on Discord, given the repeated hacks of the platform. Users need to be cautious with any posted links. Always check any communication against multiple official sources of a project.
Platforms should be extremely cautious regarding the permissions which are granted via Discord, and limit the access levels to critical functionality. Discord should improve their security and offer multi-signature permissions for key functions. Ideally, public groups should be managed from an exclusive account which isn't used for anything else.
References
Shamanzs NFT - The Ones Who Know (Jul 14)
Shamanzs NFT – NFTdroops (Jul 14)
Warning: Hackers Are Targeting Discord Bots to Rob NFT Users (Jul 16)
BAYC, Nyoki, Shamanz and other NFT projects suffer Discord hack (Jul 17)
Several huge NFT Discords hacked by scam attacks | TechRadar (Jul 17)
Bored Ape Yacht Club, Other Major NFT Project Discords Hacked by Scammers (Jul 17)
https://etherscan.io/address/0xad7f0a2427f93bc8fc178a73ae0d2d188682884f (Jun 20)
https://etherscan.io/address/0x82b9d87ffd80449ca96ec67c19f5d0631b18d5db (Jul 13)
@shamanzs Twitter (Jul 17)
@Serpent Twitter (Jul 17)
@Ticket_Tool Twitter (Jul 17)
@zachxbt Twitter (Jul 17)