Solana-Based Hacked Monkey Kingdom Has a Phishing Lesson for NFT Buyers
Solana (SOL)-based non-fungible token (NFT) project Monkey Kingdom had its official Discord server hacked on Tuesday during a presale, allowing a cyber thief to run away with nearly USD 1.3m worth of digital assets. The incident is another stark reminder to be extra careful and not to fall into phishing traps.
The incident marks one of the largest NFT project hacks to date, reminding every crypto user, particularly NFT investors, of the risks involved with this emerging industry.
Meanwhile, the hacker targeted the presale of the Baepes, a collection of 2,221 female Wukongs NFTs added to the Monkey Kingdom family. Minutes after the presale started, the project’s Twitter account announced that due to an overload of traffic, their website is currently down.
Subsequently, they informed the community that their Discord channel has been hacked and a phishing link has been published, warning users not to follow the link.
https://www.twitter.com/MonkeyKingdom_/status/1473312369556213769
“Since the morning of 21 Dec 2021, our discord was flooded with thousands of bots impersonating Monkey Kingdom or Baepes announcement. They DM-ed our users directing them to suspicious websites that require them to connect their wallets,” The project detailed.
According to the team, a hacker first used a breach in Grape, a protocol for building token-based membership communities on the Solana blockchain, to take over an administrative account and post a fake link to minting the NFTs.
We've just discovered that one of our setup admins got hacked 7 days ago
— Grape Protocol (@grapeprotocol) December 21, 2021
For sure this affected the @fractalwagmi and @monkeykingdom_
The hackers are using an exploit involving Discord webhooks
Everyone should check their webhooks immediately
We'll update as we learn more pic.twitter.com/4iGskOnwmw
Users who clicked the link and proceeded to authorize the purchase with the expectation of buying an NFT were robbed of their SOL tokens.
Following the incident, some users revealed that they have lost as much as SOL 650 (currently USD 116,200). In total, the team estimates that the hacker got their hands on over SOL 7,000 (USD 1.25m).
Guys I got drained 650 $SOL.
— commenstar (@commenstar) December 21, 2021
It is one my biggest mistake.
I am always recommending people using burner but I was nervous and fomo the Monkey Kingdom Mint. Never thought it was not a legit mint link in official discord.
It is important money to my family: my wife, my son. pic.twitter.com/rtWbCu81Ga
The Monkey Kingdom team has pledged to compensate affected users. “Monkey Kingdom community, we have your back! We have begun processing compensation requests and will be contacting individuals starting today,” they said.
Backed by American DJ Steve Aoki, Monkey Kingdom is the 8th most popular NFT project on Solana. The collection consists of 2,222 algorithmically generated NFTs inspired from Sun Wukong, otherwise known as The Monkey King in Chinese folklore. As of now, the project has a market capitalization of just over USD 20m and a floor price of SOL 55 (USD 9,832).
____
Learn more:
– Santa Hackathon? Visor Finance Marks 7th Hack in December
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
– MetaMask to Add Support for NFTs
– Instagram Mulls Integrating NFTs In Its Platform
– Investor Purchases 330 Adidas NFTs Using Smart Contract – 328 More Than the Cap
– Chinese Communist Party’s Mouthpiece Endorses NFTs in a Surprise Move