Axie Infinity, NFT and Other Projects Fall Victims of a Phishing Attack
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Messaging platform Discord servers of multiple large NFT collections and crypto projects, including play-to-earn game Axie Infinity, have been compromised, with attackers publishing phishing links that appear to be NFT mints.
Some other affected projects include popular NFT collections Moonbirds and PROOF, virtual sneakers company RTFKT, payment network Memeland, and social graph protocol CyberConnect, among others, according to blockchain security firm PeckShield.
#PeckShieldAlert #phishing Seems like several #NFT discords were compromised. Stay safe! @CyberConnectHQ @proof_xyz @RTFKT @Moonbirds @memeland #NFT community share to raise awareness. pic.twitter.com/7PuwWNgXJe
— PeckShieldAlert (@PeckShieldAlert) May 18, 2022
Axie Infinity confirmed that its Discord server has been compromised.
“There was a compromise of the MEE6 bot which was installed on the main Axie server,” Axie Infinity said. “The attackers used that bot to add permissions to a fake Jiho [Jeff Zirlin, co-founder of Axie] account, which then posted a fake announcement about a mint.”
The team noted that they have removed the fake announcements, adding that they would “never do a surprise mint.”
Some other projects have also confirmed the attack, speculating that the widely-used MEE6 Discord bot might have been compromised.
“It seems that the MEE6 bot is compromised. Please do not click any links in our discord,” Memeland said on Twitter.
However, the MEE6 team has seemingly denied allegations that the bot was compromised. “MEE6 was, is and never will be compromised,” a team member has reportedly said on Discord.
The MEE6 bot enables users to create commands that automatically give and remove roles and send messages in the current channels or in the user’s direct messages, according to its website.
Meanwhile, pseudonymous NFT educator and discord security auditor Skits has claimed that the attack actually involved a phishing scam that compromised admin accounts and used MEE6 features to disguise which admin accounts were compromised.
“First they will hack an admin account. Secondly they will create a reaction role feature from MEE6 to give an alternate account admin,” Skits said. “Using this method, they will be able to send webbook messages while hiding who the compromised administrator account is.”
Skits has also shared a screenshot of what appears to be a dialogue among the attackers, which seems to be “a large group,” where one scammer admits to stealing over a million.
Seems like its a large group, one of these social engineering scammers admitted to over a million stolen…. pic.twitter.com/5E9jkV3taH
— Skits (@777Skits) May 18, 2022
____
Learn more:
– NFT Self Defense: Staying Safe in Web3
– Axie Infinity’s Post-Hack Metrics Beckon Optimism, Not Despair
– Just How Sustainable Are Play-to-Earn Gaming Pyramids?
– ‘Wave of Crypto Muggings’ Hits London’s Financial District
- How Tether Co-Founder William Quigley Views Crypto Regulations in Trump’s Second Term
- Trump Appoints PayPal Veteran David Sacks as ‘White House AI and Crypto Czar’
- From $10K to $75K: How Dave Portnoy Pumped and Dumped Meme Coins on His Followers
- Gold-Backed Altcoins Boom as Major Banks Raise Price Predictions: Which Coins to Get
- Kanye West Says He Rejected $2 Million Offer to Promote Alleged Crypto Scam






