Rare Bears Discord Attack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!


The Rare Bears NFTs are a set of NFT bears made by New Zealand artist Enox. A security breach in the Discord of the Rare Bears NFT project allowed an attacker to post a malicious phishing link, which stayed up for over 9 hours before it was finally removed. During that time, an estimated $800k worth of assets were stolen from users. Users who clicked the link and authorized a cheap mint would have had all assets from their wallets taken.

[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39]

About Rare Bears

"The Rare Bears are taking over. They’re cute and sweet, but tough and street. The Bears have a cool retro vibe mixed with a futuristic cyber tone. They’re all about street art, graffiti, music, tech, fashion, and a few old-school video games. They’re down to cuddle once in a while, but if you cross a Bear it’s bad news. The Rare Bears are your ticket into the BearVerse with the most vibrant community around. More NFTs will drop, collabs will happen and more mediums will be explored. We’re bearly getting started."

"Official is an NFT collection that was created on March 09, 2022." "Iain Spanhake A.K.A Enox is a professional digital artist from New Zealand." "The Rare Bears are 2,347 unique NFTs from digital artist, Enox. The first collection released in March 2022 and our upcoming Mare Bear collection will be dropping in the second half of the year."

Homepage:[40]

OpenSea:[41]

Mintalytics:[42]

The Reality

"Discord seems to be becoming a good “bait” for hackers to carry out phishing attacks on NFT collectors." "Holders of Rare Bears NFTs got scammed on the community’s Discord channel and lost almost $800,000 worth of digital assets in a phishing attack." "[A] new collection of NFT Rare Bears announced that its members had fallen victim to a similar incident and lost more than $790,000 in assets."

"The team admitted to having multiple security breaches and confessed not taking appropriate security measures." "After regaining control of the channel and apologizing to the community, the founding members of Rare Bears announced a new member, Discord manager for security audits."

What Happened

An unidentified attacker gained access to a moderator's account in the Rare Bears Discord channel. They used this to announce a new mint, which was actually a phishing link that stole funds and NFTs from users who approved access.

Key Event Timeline - Rare Bears Discord Attack
| Date | Event | Description |
| --- | --- | --- |
| March 16th, 2022 1:31:00 PM | Hack Mentioned | First mention on Twitter of the Discord being hacked by @Artzhy_. |
| March 16th, 2022 2:53:00 PM | Victim Mentioned | The first mention on Twitter by a user who got hacked. These continue up until 9:09 PM. |
| March 16th, 2022 7:09:00 PM MDT | Warning By Ace Enigma | Twitter user Ace Enigma reports that the founder of RareBear has been hacked, and all moderators have been kicked. There is an apparent unauthorized minting of 700 units of Rare Bears NFTs at a price of 0.01 ETH. The hackers are now attempting to mint an additional 700 units at a lower price of 0.005 ETH. There is a risk that the NFTs in the affected wallet could be stolen. The community is advised not to participate in minting or acquiring these NFTs to avoid potential loss or involvement in the hacking incident[43]. |
| March 16th, 2022 9:09:00 PM | Twitter Post | The Rare Bears Twitter account @BearsRare announces the exploit on Twitter. |
| March 17th, 2022 1:50:00 AM | Discord Secure | "We are pleased to let you know that our Discord server is now fully secure. @pandez_ has started doing a full security audit for us. The server will remain locked until the audit is finished tomorrow. We are committed to making things right and we're moving forward!" |
| March 17th, 2022 1:02:00 PM | Public Apology | The RareBears team issues a formal apology on Twitter. "This was not okay. We are deeply sorry to everyone affected." |
| March 17th, 2022 5:20:00 PM | Discord Reopened | "our Discord has been audited by @pandez_. We're secure and now open! We can't wait to see you all again! We will release the details of the hack today to outline what happened for full transparency." |
| March 17th, 2022 8:51:00 PM | Twitter Update Posted | Rare Bears posts their Rare Bears Hack Update description to Twitter to explain what happened along with audit notes from user pandez_[1]. |
| March 17th, 2022 8:51:00 PM | Twitter Update | Rare Bears posts their Rare Bears Hack Update description to Twitter to explain what happened. They also said "Our team are working on a solution as we speak for those effected and will announce as soon as we can." |
| March 17th, 2022 11:13:00 PM | Pandez Tweet | "We're thrilled that @pandez_ is officially part of the Rare Bears Team. His role as Discord Manager will include on-going maintenance, admin and tech support. First-class expertise having worked on Karafuru, World of Women, The Other Side, Psychedelics Anonymous and many more!" |
| March 20th, 2022 1:32:00 PM | AMA Session | The Rare Bears team announced they were "back" "stronger than ever" and hosted an AMA (Ask Me Anything) where the hack would have undoubtedly come up. No record of the session has been located. |
| March 21st, 2022 9:59:47 PM MDT | Metaverse Post Article Published | Metaverse Post reports that Rare Bears NFT holders suffered losses of nearly $800,000 in a phishing attack on the community's Discord channel. The attacker gained unauthorized access to the official moderator's account, sharing a phishing link and compromising security. After regaining control, the Rare Bears team apologized and announced the appointment of a Discord manager for security audits. The attacker used the compromised account to post an official-looking link about a new NFT release, disabling members' roles and warning capabilities. The team pledged compensation, with 50 bear NFTs set to airdrop on March 22nd. The Rare Bears NFT collection, featuring 2,347 hand-drawn retro bears, had gained significant attention in the NFT community[44]. |
| April 2nd, 2022 4:23:51 PM MDT | ChubK Article Mention | ChubK reports that the Discord channel of the Bored Ape Yacht Club (BAYC), a prominent NFT project, has been hacked. The report mentions that Rare Bears faced a similar attack, resulting in a loss of over $790,000[45]. |
| April 12th, 2022 4:45:00 PM | New Discord Lawyer | The Rare Bears team brings on board Shane who "is a lawyer based in Singapore, with a background in law and communications. He looks after Discord management/communications and social media outreach." |
| April 16th, 2022 2:30:00 AM | New Roadmap | The RareBears team shares their new roadmap[46][47]. |
| May 7th, 2022 10:00:00 AM | Sentimental Post | The RareBears Twitter posts "As a community, we've been through the ringer. We've gone through what could be any other project's worst nightmare. But we've risen to meet adversity and emerged on the other side stronger, more fired up, & with more conviction than ever! Don't bet against the bears."[48] |

Technical Details

The attacker gained unauthorized access to the official moderator's account, sharing a phishing link and compromising security[44].

"An unidentified person got unauthorized access to the official moderator’s account on the Rare Bears’ server and shared a phishing link." "The fake announcement stated that additional 1,000 unique NFTs priced for 0.1 ETH were added to the collection and are ready to be minted." "The compromised account also invited a bot to lock all channels so no one on the server could warn other members about the NFT fake collection."

"[T]he attacker compromised the project head’s Discord account, who was the owner of the Rare Bears server." "According to a Rare Bears team update, the hacker got access to the account of “Zhodan,” a Rare Bears Discord moderator." "Then, the hacker posted an ‘official’ link in one of the channels, informing about a new release of NFTs. In addition, the unknown person disabled other members’ roles on the server and their ability to write or delete posts and warn about the phishing link."

As described by Web3IsGoingGreat:

"After hackers successfully compromised the account of one of the Rare Bears Discord moderators, they posted an announcement that new NFTs were being minted. Those who tried to participate in the mint wound up having their accounts compromised and their NFTs stolen."

"Not only did the attackers post a fake mint link, they took steps to prevent the project from thwarting their attack by banning other members and removing user rights that would have allowed other project members to delete the fake links. They also added a bot to the server that locked channels so people couldn't send warnings that the links were fake."

The RareBears Hack Update states:

"Project head's Discord account was reportedly compromised. Project head was the owner of the server. No one can kick, ban, or otherwise overpower the owner of the server. Links were posted directly by the compromised account. You can't remove the "Send Messages" or any other permission from the server owner."

"The compromised account banned every other team member from the Discord or removed their roles, so no-one was able to delete the messages posted. The compromised account invited a fake "Collab.land" bot to automatically lock all channels in the server so no one could communicate that the posts in announcements were fake."

Audit Notes From @pandez_

Pandez prepared audit notes which were posted on Twitter as one of his first actions after securing the Discord channel[1].

RARE BEARS HACK UPDATE

Discord security audit carried out by @pandez_,

- Project head's Discord account was reportedly compromised.

- Project head was the owner of the server.

- No one can kick, ban, or otherwise overpower the owner of the server.

- Links were posted directly by the compromised account. You can't remove the "Send Messages" or any other permissions from the server owner.

- The compromised account banned every other team member from the Discord or removed their roles, so no-one was able to delete the messages posted.

- The compromised account invited a fake "Collab.land" bot to automatically lock all channels in the server so no one could communicate that the posts in announcements were fake.

- Control was regained when Pandez was onboarded by @enoxart & @artbylino_.

- Ownership was transferred from project head to the Rare Bears team.

- A brand new account made by the Rare Bears team is now the owner of the Discord server and will never interact in the server, click any links, accept friend requests or DMs.

- A full security audit was performed by @pandez_ to ensure perms are reinstated to the team and the server is secure from another attack like this.

The Rare Bears Team

RARE BEARS

Total Amount Lost

Metaverse Post has estimated the total losses at $800k[44].

"A detailed review from Peckshield showed that the hacker stole a combined 179 NFTs from the platform. Asides from the Rare Bears NFT, he was able to get his hands on others, including Azuki and some LAND tokens."

As per CoinTelegraph:

"Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs including “Rare Bears” and other NFTs from various collections including “CloneX,” “Azuki,” a “mfer” from artist sartoshi, and six LAND tokens used for The Sandbox metaverse."


"In a detailed analysis, the hacker was said to have sold all the NFTs, recouping cash worth around $795,000 from the sales." "According to on-chain research, the majority of the NFTs were sold, netting the hacker 286 ETH worth approximately $795,500, the majority of which was immediately sent through Tornado Cash, a crypto mixer used to hide the source of funds." "After the sale, the hacker obfuscated funds through the known mixer, Tornado Cash."

The total amount lost has been estimated at $795,000 USD.

Immediate Reactions

After regaining control, the Rare Bears team apologized and announced the appointment of a Discord manager for security audits. The attacker used the compromised account to post an official-looking link about a new NFT release, disabling members' roles and warning capabilities[44].

Warnings Shared On Twitter

[43]

"RareBear's Founder was hacked and all Moderators were kicked. The hackers minted 700 units at 0.01 from announce and are now trying to mint another 700 units at 0.005. The NFTs in the wallet could be stolen as well. Please do not ever mint it."


During the event, multiple users such as @KaiaNFT, @MSTPR0, and @Artzhy_ were proactively warning users on Twitter, but many users didn't see until after they had already been hacked.

Twitter users from the community such as @whyarewehere42, @kohlsaft, and @DubsyDoes were not very supportive:

"Lol, you post the warning 9 hours after the hack or scam. After more than 200 eth has vanished through tornado cash. 9 hours, really?"

"This is probably game over... Trust is gone. Should focus on a new project with better security."

"Always a few believers I suppose. People literally lost thousands in assets. That’s not ok. They didn’t even address it for 5 HOURS after it happened… nah man."

"[A]lmost two hours since the hack and still under hackers control and still no warning on twitter to their customers, pure negligence."

Twitter users @Sofyan9793, @sungin21c, and @Sir_Teamm asked for refunds:

"You did this announcement too late I hope you gonna refund me guys[.]"

"Can I get compensation for my lost bear and ETH?"

"Excuse me, but th[e apology] is not enough. You have to refund everyone who lost it."

Some like @0xelies even went as far as to suspect team member Zhodan to be behind the theft:

"Stop this masquerade. I'm in Rare Bears from day 1 and can't believe what happened. Zhodan, the head of the team, rugged and betrayed the rest of the team by posting fake mint links. I can't trust you anymore! 600K USD lost and Azukis, CLONE X stolen! It's unrepairable."

Others like @JoshuaBlanks23 and @HuzzaXO expressed support for the project and faith in the team.

"Common sense isn't very common. I'm sure everyone will get sorted out[.] @EnoxArt genuinely cares for his community, it's his brand and reputation on the line. He would not rug."

"Their socials was compromised as well and Enox announced it on his Twitter. So please tell me what you wanted to be done. and it’s the peoples fault for clicking on links. We weren’t forced to lose money were we? Was everyone hacked? I didn’t think so."

Twitter user @Punishe32385597 lost their bear and still had support.

"Lost my bear but still have much love for y’all"

Ultimate Outcome

The team pledged compensation, with 50 bear NFTs set to airdrop on March 22nd. The Rare Bears NFT collection, featuring 2,347 hand-drawn retro bears, had gained significant attention in the NFT community[44].

The team's first move was to create a formal apology on Twitter.

"[P]eople have been hurt in this process due to some of the team not taking appropriate security measures. We trusted people within the team who said they had fixed things. It has obviously been proven otherwise."

"Things are changing from here on out. We have stepped up and will be leading this from now on. We take security very seriously and we have therefore invested into hiring Pandez to do a full security audit of our discord."

The team had the Discord reopened the following day and continued to run their project.

"The team admitted to having multiple security breaches and confessed not taking appropriate security measures." "After regaining control of the channel and apologizing to the community, the founding members of Rare Bears announced a new member, Discord manager for security audits."

"After realising what had happened, the Rare Bears team managed to regain control of the server. The team members did this by transferring ownership to a new Discord account. They also publicly promised their members that this new account will never interact with members, click any links or accept friend requests."

The Rare Bears team brought on board a new team member with specific Discord experience.

"We're thrilled that @pandez_ is officially part of the Rare Bears Team. His role as Discord Manager will include on-going maintenance, admin and tech support. First-class expertise having worked on Karafuru, World of Women, The Other Side, Psychedelics Anonymous and many more!"

The RareBears Hack Update states:

"Control was regained when Pandez was onboarded by @enoxart & @artbylino_. Ownership was transferred from project head to the Rare Bears team. A brand new account made by the Rare Bears team is now the owner of the Discord server and will never interact in the server, click any links, accept friend requests or DMs. A full security audit was performed by @pandez_ to ensure perms are reinstated to the team and the server is secure from another attack like this."

"Speaking to Cointelegraph, security consultant Pandez said that users should look out for a few key signs that could mean a message is a scam."

“Almost no serious project will ever do a stealth mint,” Pandez said. “Never click any links which appear like this.”

"Pandez said other red flags are if channels are locked during a “drop” of a new NFT collection, if the link differs from those shared on Twitter or other official sources for the project, and if the link is continuously posted in the channel."

There appears to have been ongoing damage to their reputation, with some members of the community such as @sueyancami reporting being kicked from Discord:

"How is the floor doing? You all kicked me out of the [D]iscord as I said on Friday the floor would be .07 after the weekend. I haven’t checked the floor but I know not trending in top 100. Never bodes well when there is a hack in your discord and you don’t reimburse all[.]"

Total Amount Recovered

While it does not seem that there will be a full recovery, the Rare Bears team pledged to provide 50 bears to those who were affected.

"After the issue was solved, the Rare Bears team decided to compensate Rare Bears community members impacted by the cyberattack: 50 bear NFTs will airdrop on the 22nd of March."

“We are sorry this happened, we care and are trying to make this right as best as we can. We cannot bring back your money, but we can return 50 bears and future benefits,” Rare Bears founders said on Discord.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

The RareBears team hired Shane specifically to help with their Discord management on April 12th.

"We are SO excited to have Shane @lunnietunesNFT as part of the Rare Bears team. He is a lawyer based in Singapore, with a background in law and communications. He looks after Discord management/communications and social media outreach. Let's all welcome him to the #BearFam!"

They posted a new roadmap April 16th:

"We're coming back stronger than ever. If you haven't seen our Roadmap 2.0 here's a few highlights. new leadership. new utility & holder perks. utility token ecosystem. holders only merch. Factions. Mare Bears. We are excited!"

They've also been posting encouragement to their community such as the following:

"As a community, we've been through the ringer. We've gone through what could be any other project's worst nightmare. But we've risen to meet adversity and emerged on the other side stronger, more fired up, & with more conviction than ever! Don't bet against the bears."

Individual Prevention Policies

Users could have avoided falling for the phishing attack by verifying information against multiple sources and double checking their approvals. Losses could be minimized by storing most funds offline on a separate wallet.

Verification Of Information

In this case, the phishing link was only present on the Rare Bears Discord channel. Individual users should never trust information that is only present on a single source, and always back it up by checking a more official source or getting a second opinion from others. This is especially true when the offer seems to be "too good to be true", such as extremely cheap minting of a popular NFT project.

Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, take special care to check whether the entity making that offer is trustworthy, is actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event that your money is kept and nothing is delivered in return?

Double Check Transactions

It is very important to check all details of every transaction or approval. There is no reason to approve full access to a wallet for minting an NFT, nor ever any reason to need to share your seed phrase with any third party website.

Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.
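One way to make that review concrete is to decode the call data a site asks the wallet to sign and stop on approval calls before signing. The following is an added example, not code from the original page or from any wallet: the page does not say which call the phishing site requested, so it checks the two standard approval functions (`setApprovalForAll` for ERC-721/ERC-1155 and `approve` for ERC-20/ERC-721), and all addresses and the "mint" selector are constructed placeholders.

```python
MAX_UINT256 = 2**256 - 1
ZERO_ADDRESS = "0x" + "00" * 20

# Standard 4-byte function selectors (first bytes of the call data).
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
APPROVE = "095ea7b3"               # approve(address,uint256): amount or token id


def encode_call(selector, address, number):
    """Build call data for an (address, uint256/bool) call; used for the samples below."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(number, "064x")


def _words(raw):
    """Split the argument area (after the selector) into 32-byte hex words."""
    body = raw[8:]
    if len(body) % 64:
        raise ValueError("argument data is not a whole number of 32-byte words")
    return [body[i:i + 64] for i in range(0, len(body), 64)]


def review_calldata(data, trusted=()):
    """Return (verdict, reason); verdict is 'block', 'review' or 'pass'.

    `trusted` holds addresses the user has verified independently, for example
    a marketplace contract confirmed from several official sources.
    """
    raw = (data[2:] if data.lower().startswith("0x") else data).lower()
    bytes.fromhex(raw)  # raises ValueError on non-hex or odd-length input
    if len(raw) < 8:
        return ("pass", "no function call, plain value transfer")
    selector, words = raw[:8], _words(raw)
    trusted = {t.lower() for t in trusted}

    if selector in (SET_APPROVAL_FOR_ALL, APPROVE) and len(words) < 2:
        raise ValueError("truncated approval call")

    if selector == SET_APPROVAL_FOR_ALL:
        operator, approved = "0x" + words[0][-40:], int(words[1], 16) != 0
        if not approved:
            return ("pass", f"revokes operator {operator}")
        if operator in trusted:
            return ("review", f"operator approval for verified address {operator}")
        return ("block", f"lets {operator} move every token you hold in this collection")

    if selector == APPROVE:
        spender, value = "0x" + words[0][-40:], int(words[1], 16)
        if spender == ZERO_ADDRESS:
            return ("pass", "clears an existing approval")
        if spender not in trusted and value == MAX_UINT256:
            return ("block", f"unlimited allowance for unverified address {spender}")
        return ("review", f"lets {spender} move amount or token id {value}")

    return ("pass", f"selector {selector} is not an approval; still confirm the contract address")


# Constructed placeholders, not addresses from the incident.
UNKNOWN_OPERATOR = "0x" + "11" * 20
VERIFIED_MARKET = "0x" + "22" * 20
PLACEHOLDER_MINT = "0x12345678"  # stands in for a project's own mint function

if __name__ == "__main__":
    samples = {
        "fake mint asking for operator rights": encode_call(SET_APPROVAL_FOR_ALL, UNKNOWN_OPERATOR, 1),
        "listing on a verified marketplace": encode_call(SET_APPROVAL_FOR_ALL, VERIFIED_MARKET, 1),
        "unlimited token allowance": encode_call(APPROVE, UNKNOWN_OPERATOR, MAX_UINT256),
        "revoking an operator": encode_call(SET_APPROVAL_FOR_ALL, UNKNOWN_OPERATOR, 0),
        "call to a mint function": PLACEHOLDER_MINT,
    }
    for label, data in samples.items():
        print(label, "->", review_calldata(data, trusted=[VERIFIED_MARKET]))
```

A "pass" only means the call is not an approval; the contract address itself still has to be checked against the project's official sources.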

Private keys can be obtained through seed phrases, mnemonics, private key files, mobile synchronization screens, wallet export features, wallet backups, etc. Never send these to anyone you do not intend to allow to take all of your money. Attackers will use a wide variety of tactics to convince you, such as pretending to be your wallet software, pretending they work for the wallet software, or asking you to screen share. Don't fall for them.

Safeguarding Your Funds

One way to minimize the potential losses is to have most funds in a separate offline wallet, and only transfer assets from that wallet when they are specifically needed for a transaction.

Store the majority of funds offline. Offline means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

A combination of improved security for Discord, better user education, and an insurance fund could successfully reduce risk and resolve this situation.

Better Discord Channel Security

The Rare Bears project could have prevented the situation through tighter security on their Discord.

All aspects of any platform should undergo regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

Increased User Education

Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

In this case, Rare Bears also could have greatly reduced the impact through a faster response time. This phishing attack was present on their Discord channel for over 9 hours before being finally addressed by the Rare Bears team.
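Response time can be shortened by checking server activity automatically for the red flags Pandez lists (a mint link that differs from official sources, channels locked during a drop, the same link posted repeatedly) and for the takeover steps in the hack update (staff banned or stripped of roles, a bot invited). The following is an added example, not code from the Rare Bears team or Discord: the event records, their field names, the timestamps and the `rarebears.example` domains are constructed for illustration and are not Discord's audit-log schema.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
MINT_RE = re.compile(r"\bmint(s|ed|ing)?\b", re.IGNORECASE)


def unofficial_hosts(text, official_hosts):
    """Hostnames linked in `text` that are not an official host or a subdomain of one."""
    found = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        # Require an exact match or a real subdomain, so look-alikes such as
        # 'rarebears-mint.example' or 'rarebears.example.evil.test' do not pass.
        if host and not any(host == o or host.endswith("." + o) for o in official_hosts):
            found.append(host)
    return found


def find_red_flags(events, official_hosts, staff_ids,
                   window=timedelta(minutes=30), repeat_threshold=3):
    """Return the sorted list of red flags raised by a list of server events."""
    flags = set()
    drop_times = []          # when a mint post with an unofficial link appeared
    link_counts = Counter()  # how often each unofficial host was posted
    for ev in events:
        if ev["type"] != "message":
            continue
        hosts = unofficial_hosts(ev["content"], official_hosts)
        link_counts.update(hosts)
        if hosts and MINT_RE.search(ev["content"]):
            flags.add("mint_link_differs_from_official_sources")
            drop_times.append(datetime.fromisoformat(ev["time"]))
    if any(n >= repeat_threshold for n in link_counts.values()):
        flags.add("link_posted_repeatedly")

    # Administrative actions only count when they cluster around such a post.
    staff_hit = set()
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        if not any(abs(when - t) <= window for t in drop_times):
            continue
        if ev["type"] == "channel_lock":
            flags.add("channels_locked_during_drop")
        elif ev["type"] == "bot_add":
            flags.add("bot_added_around_drop")
        elif ev["type"] in ("member_ban", "role_remove") and ev["target"] in staff_ids:
            staff_hit.add(ev["target"])
    if len(staff_hit) >= 2:
        flags.add("staff_banned_or_stripped_around_drop")
    return sorted(flags)


# Constructed sample data modelled on the sequence described in the hack update.
OFFICIAL = {"rarebears.example"}
STAFF = {"mod_a", "mod_b", "mod_c"}
FAKE = "Stealth mint live! 1,000 new bears, 0.1 ETH: https://rarebears-mint.example/claim"
TAKEOVER = [
    {"time": "2022-03-16T13:00:00", "type": "member_ban", "actor": "owner", "target": "mod_a"},
    {"time": "2022-03-16T13:01:00", "type": "role_remove", "actor": "owner", "target": "mod_b"},
    {"time": "2022-03-16T13:02:00", "type": "bot_add", "actor": "owner", "target": "lookalike_bot"},
    {"time": "2022-03-16T13:03:00", "type": "channel_lock", "actor": "lookalike_bot", "target": "general"},
    {"time": "2022-03-16T13:05:00", "type": "message", "actor": "owner", "content": FAKE},
    {"time": "2022-03-16T13:20:00", "type": "message", "actor": "owner", "content": FAKE},
    {"time": "2022-03-16T13:40:00", "type": "message", "actor": "owner", "content": FAKE},
]
ROUTINE = [
    {"time": "2022-03-10T09:00:00", "type": "member_ban", "actor": "mod_a", "target": "spam_account"},
    {"time": "2022-03-10T09:30:00", "type": "message", "actor": "owner",
     "content": "Mint details are on the site: https://www.rarebears.example/mint"},
]

if __name__ == "__main__":
    for name, log in (("takeover", TAKEOVER), ("routine", ROUTINE)):
        print(name, find_red_flags(log, OFFICIAL, STAFF))
```

Because the compromised account in this incident was the server owner, alerts like these need to reach the team through a channel outside the server itself.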

Establish Industry Insurance Fund

Despite the best efforts to educate users and secure Discord, successful phishing attacks are still possible. Commercial for-profit insurance is unlikely to cover such cases due to a lack of incentive and policy coverage. An industry-led group could stand a better chance of assisting.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

A combination of improved security for Discord, better user education, and an insurance fund could successfully reduce risk and resolve this situation.

Better Discord Channel Security

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

Increased User Education

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

Establish Industry Insurance Fund

Despite the best efforts to educate users and secure Discord, successful phishing attacks are still possible. Commercial for-profit insurance is unlikely to cover such cases due to a lack of incentive and policy coverage. An industry-led group could stand a better chance of assisting.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. BearsRare - "Here are the audit notes from @pandez_ regarding yesterdays Hack. Our team are working on a solution as we speak for those effected and will announce as soon as we can." - Twitter (Jul 14, 2022)
  2. Rare Bears NFT Discord Hack: Scammer Runs Away With $800k In NFTs (Jul 14, 2022)
  3. Rare Bears suffers phishing attack (Jul 14, 2022)
  4. @BearsRare Twitter (Jul 14, 2022)
  5. Rare Bears Discord Phishing Attack Nabs $800K In NFTs - CoinCu News (Jul 14, 2022)
  6. Discord hack targeting Rare Bears NFT project nets attacker $800,000 (Jan 26, 2023)
  7. @MSTPR0 Twitter (Jan 28, 2023)
  8. @web3isgreat Twitter (Jan 29, 2023)
  9. Rare Bears Discord phishing attack nabs $800K in NFTs (Jan 29, 2023)
  10. The Block: Hacker steals $790,000 of NFTs and crypto from owners of Rare Bears (Jan 29, 2023)
  11. @BearsRare Twitter (Jan 29, 2023)
  12. @sueryancami Twitter (Jan 29, 2023)
  13. @BearsRare Twitter (Jan 29, 2023)
  14. @Punishe32385597 Twitter (Jan 29, 2023)
  15. @BearsRare Twitter (Jan 29, 2023)
  16. @kohlsaft Twitter (Jan 29, 2023)
  17. @DubsyDoes Twitter (Jan 30, 2023)
  18. @HuzzaXO Twitter (Jan 30, 2023)
  19. @sungin21c Twitter (Jan 30, 2023)
  20. @BearsRare Twitter (Jan 30, 2023)
  21. @0xelies Twitter (Jan 30, 2023)
  22. @Sir_Teamm Twitter (Jan 30, 2023)
  23. @BearsRare Twitter (Jan 30, 2023)
  24. @BearsRare Twitter (Jan 30, 2023)
  25. @Thiago29404948 Twitter (Jan 30, 2023)
  26. @Artzhy_ Twitter (Jan 30, 2023)
  27. @patel07678843 Twitter (Jan 30, 2023)
  28. @whyarewehere42 Twitter (Feb 1, 2023)
  29. @sungin21c Twitter (Feb 1, 2023)
  30. @tripedy_black Twitter (Feb 1, 2023)
  31. @KaiaNFT Twitter (Feb 1, 2023)
  32. @KaiaNFT Twitter (Feb 1, 2023)
  33. @KaiaNFT Twitter (Feb 1, 2023)
  34. @DeucePhlair Twitter (Feb 1, 2023)
  35. @tripedy_black Twitter (Feb 1, 2023)
  36. @tripedy_black Twitter (Feb 1, 2023)
  37. Fake_Phishing5562 | Address 0x67542F6E4Ea651f4c72AB24ABF2Eb9C2c202fcE1 | Etherscan (Feb 1, 2023)
  38. Rare Bears Discord phishing attack nabs $800K in NFTs - CoinTelegraph (Jun 21, 2023)
  39. Hacker steals $790,000 of NFTs and crypto from owners of Rare Bears - TheBlock (Jun 21, 2023)
  40. Rare Bears NFT Homepage (Jul 14, 2022)
  41. Rare Bears NFT Collection - OpenSea (Jul 14, 2022)
  42. Rare Bears Nft - Mintalytics (Jul 14, 2022)
  43. AcE_NFT_Alpha - "RareBear's Founder was hacked and all Moderators were kicked. The hackers minted 700 units at 0.01 from announce and are now trying to mint another 700 units at 0.005. The NFTs in the wallet could be stolen as well. Please do not ever mint it." - Twitter (Feb 1, 2023)
  44. Rare Bears NFT Discord Hack: Almost $800,000 Worth of NFTs Stolen - Metaverse Post (Jul 14, 2022)
  45. Bored Ape Yacht Club (BAYC) officially confirmed the project's Discord channel has been hacked - CryptoHubK Archive April 21st, 2023 1:02:03 PM MDT (Jun 19, 2022)
  46. @BearsRare Twitter (Jan 29, 2023)
  47. @BearsRare Twitter (Jan 29, 2023)
  48. "We've Been Through The Ringer" - RareBears via Twitter (Jan 29, 2023)