Starknet Discord Account Compromise Phishing

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository


Starknet aims to create a more secure layer 2 Ethereum scaling solution with a custom programming language for users. Through undisclosed means, the Discord channel of Starknet was compromised and phishing links were posted for hours, promising users an airdrop of Starknet tokens if they approved a malicious transaction. It appears that there were no victims in this case, and no funds were lost from users.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38]

About Starknet

"Starknet is the secure scaling technology bringing Ethereum’s benefits to the world."

"Starknet is a permissionless Validity-Rollup, also known as a zero-knowledge rollup (ZK rollup) for Ethereum. As a Layer 2 (L2) blockchain, Starknet enables any dApp to achieve massive computation scale without compromising on Ethereum’s composability and security.

Starknet aims to achieve secure, low-cost transactions and high performance by using the STARK cryptographic proof system. Starknet contracts and the Starknet OS are written in Cairo, a custom-built and specialized programming language."

"Starknet utilizes the power of STARK technology to ensure computational integrity. By validating off-chain transactions with advanced math and cryptography, Starknet overcomes Ethereum’s scalability limitations. Starknet is a Validity Rollup that provides unlimited scale while retaining Ethereum’s security and decentralization."

"Starknet offers efficient and user-friendly experiences by employing Native Account Abstraction. All accounts are smart accounts: their behavior is determined by their developers rather than at the protocol level. This means unparalleled flexibility in account management. Developers can customize their applications beyond protocol constraints to elevate user experience and security."

"Starknet is home to the fastest-growing Layer 2 (L2) developer community due to its novel approach to scaling Ethereum and making it economically feasible to build even the most complex dApps. The Developer Hub provides a variety of manuals and resources for builders, by builders, on how to get started on Starknet."

"Did you miss our first Starknet Provisions Airdrop? Don't worry - There's still more! Starting from today, we will be releasing 10% of our remaining $STRK tokens to the community with a Claimdrop. Check eligibility and claim your allocation below."

The Reality

"Did you miss our first Starknet Provisions Airdrop? Don't worry - There's still more! Starting from today, we will be releasing 10% of our remaining $STRK tokens to the community with a Claimdrop. Check eligibility and claim your allocation below."

What Happened

The Discord of the Starknet team was compromised, and a phishing attack attempted to trick users into signing malicious transactions.

Key Event Timeline - Starknet Discord Account Compromise Phishing

| Date | Event | Description |
|---|---|---|
| July 29th, 2024 3:52:00 AM MDT | Cairo GPT Bot Unveiled | A new Cairo GPT bot is unveiled on the Discord channel. There are a series of promotions around this time to engage the community further and get more participation. |
| August 1st, 2024 12:36:00 PM MDT | Tweet About Compromise | The team posts on Twitter to notify their community about the exploited Discord account, and warn them against clicking on any links which may be present in the Discord channel. |
| August 1st, 2024 12:44:00 PM MDT | Tweet Blocked User | A user reports they were previously blocked from Twitter, so they can't see the notice; however, they believe the Discord is compromised. |
| August 1st, 2024 12:57:00 PM MDT | Discord Still Compromised | A Tweet notes that the Discord channel is still compromised and shares a screenshot of the links being posted. |
| August 1st, 2024 1:21:00 PM MDT | Warn Against Interaction | A user warns against interacting with the Discord server. This suggests that it may still be compromised, but does not confirm that they've seen any malicious posts still present on it. |
| August 1st, 2024 1:23:00 PM MDT | Akash Majumder Tweet | Akash Majumder reports that the Discord has been hacked. There is no indication whether the Discord is still displaying phishing links at this time. |
| August 1st, 2024 9:43:00 PM MDT | Still Working To Resolve | A Tweet from MIIX Capital has a summary of various news stories and reports that the Starknet team is still working to resolve the issue. It's unclear if the Discord may have been recovered at this point. |
| August 2nd, 2024 4:50:00 AM MDT | Discord Compromise Warning | Another warning tweet by GoPlus Security Ware warns about interacting with the compromised Discord. While it suggests the Discord is still compromised, there is no screenshot or specific mention of posts still present on the Discord in this post. This post includes numerous generic steps that users should take to secure themselves. |
| August 2nd, 2024 6:39:00 AM MDT | Discord Compromise Warning | Another warning tweet by TrendsGem warns about interacting with the compromised Discord. While it suggests the Discord is still compromised, there is no screenshot or specific mention of posts still present on the Discord in this post. |
| August 2nd, 2024 6:53:00 AM MDT | Jon Kripto Tweet | A Twitter user named Jon Kripto reports that the Discord was hacked. It's unclear if the issue has been resolved at this time. |
| August 2nd, 2024 7:37:00 AM MDT | Discord Presently Hacked | A Tweet from AltCoiners.live claims that the Discord is presently hacked; however, it is unclear if anyone from their team has actually been to the Discord to confirm it, or if they are just reporting on the news of the prior hack. |
| August 3rd, 2024 11:02:00 AM MDT | Update From Starknet | The Starknet team reports that they "have rebuilt all of the channels, and the server is now live again with enhanced security features and improved channel organization". They are presently undergoing a security audit. This post reports that there is believed to be no damage to the community from the attack. |
| August 5th, 2024 2:26:00 AM MDT | Back And More Secure | The Starknet team announces that they are now back and that the server is more secure than ever. |

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

Reportedly none.

No funds were lost.

Immediate Reactions

"Our Discord is currently compromised. Please do not interact with the server, click any links, or respond to any messages until further notice. We are working to resolve the issue and will provide updates through official channels. Stay vigilant and protect your information."

Ultimate Outcome

"On Thursday evening the Starknet Discord came under attack. While the attackers were able to temporarily take over the server and post malicious links, we were able to quickly regain control.

The attacker’s goal was to scam users through these links, but through the quick work of StarkWare & SNF security teams and wallet partners we were able to prevent any harm to the community from the attack.

We have rebuilt all of the channels, and the server is now live again with enhanced security features and improved channel organization. We are also conducting a security audit and welcome your feedback on the updated channel layout."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist Hacked - SlowMist Zone (Accessed Sep 3, 2024)
  2. @Starknet Twitter (Accessed Sep 3, 2024)
  3. Starknet | Secure Scaling Technology Bringing Ethereum’s Benefits Worldwide (Accessed Sep 3, 2024)
  4. Overview :: Starknet documentation (Accessed Sep 3, 2024)
  5. @_Miki777 Twitter (Accessed Sep 3, 2024)
  6. @andriypaska Twitter (Accessed Sep 3, 2024)
  7. @Starknet_ZH Twitter (Accessed Sep 3, 2024)
  8. @andriypaska Twitter (Accessed Sep 3, 2024)
  9. @andriypaska Twitter (Accessed Sep 3, 2024)
  10. @andriypaska Twitter (Accessed Sep 3, 2024)
  11. @andriypaska Twitter (Accessed Sep 3, 2024)
  12. @andriypaska Twitter (Accessed Sep 3, 2024)
  13. @andriypaska Twitter (Accessed Sep 3, 2024)
  14. @andriypaska Twitter (Accessed Sep 3, 2024)
  15. @andriypaska Twitter (Accessed Sep 3, 2024)
  16. @andriypaska Twitter (Accessed Sep 3, 2024)
  17. @kingsleyueze Twitter (Accessed Sep 3, 2024)
  18. @Crypto6717 Twitter (Accessed Sep 3, 2024)
  19. @andriypaska Twitter (Accessed Sep 3, 2024)
  20. @Fricoben Twitter (Accessed Sep 3, 2024)
  21. @andriypaska Twitter (Accessed Sep 3, 2024)
  22. @infinityhedge07 Twitter (Accessed Sep 3, 2024)
  23. @ParamatikHaber Twitter (Accessed Sep 3, 2024)
  24. @Metaversenews01 Twitter (Accessed Sep 3, 2024)
  25. @alt_coiners Twitter (Accessed Sep 3, 2024)
  26. @masteroncrypto Twitter (Accessed Sep 3, 2024)
  27. @Jon_Kripto Twitter (Accessed Sep 3, 2024)
  28. @LauriPelto Twitter (Accessed Sep 3, 2024)
  29. @paceking1 Twitter (Accessed Sep 3, 2024)
  30. @0xKodawari Twitter (Accessed Sep 3, 2024)
  31. @akashbitcoins Twitter (Accessed Sep 3, 2024)
  32. @arizonyaa Twitter (Accessed Sep 3, 2024)
  33. @islakwcterlii Twitter (Accessed Sep 3, 2024)
  34. @crypto_gurkha Twitter (Accessed Sep 3, 2024)
  35. @spreekaway Twitter (Accessed Sep 3, 2024)
  36. @MIIXCapital_CN Twitter (Accessed Sep 3, 2024)
  37. @TrendsGem Twitter (Accessed Sep 3, 2024)
  38. @GoPlusSecWareX Twitter (Accessed Sep 3, 2024)