A recently launched NFT collection called Rare Bears has been hit by scammers – a phishing attack caused token holders to lose $800,000 worth of NFTs.
According to PeckShield, a blockchain security company, the attackers managed to steal 179 NFTs. Mostly, the fraudsters were able to take out tokens from the Rare Bears collection, but NFTs from the CloneX, Azuki and 6 LAND tokens from The Sandbox meta universe were also stolen.
Judging by the transactions on the attackers’ wallet, they sold the obtained NFTs almost immediately. This allowed them to get 286 ETH, which is more than $795,000 at current exchange rates. The funds were immediately diverted to the Tornado Cash transaction mixer.
Later, the Rare Bears team published a post about the reasons behind the phishing attack. As it turned out, the hackers were able to access the account of the team’s moderator under the pseudonym “Zhodan” on the Discord server. The hackers then published a message about the new NFT release and attached a phishing link. Users who clicked on the link and provided access rights to their wallet lost their tokens.
At the same time, the hackers, having gained access to Discord, blocked other members of the Rare Bears team from accessing it and revoked any rights to manage the server from them. Subsequently, the Rare Bears team regained control of the server and removed the phishing link, but the stolen tokens cannot be recovered.
Computer security experts remind that it is extremely rare for NFT projects to suddenly announce a new collection of tokens exclusively in Discord or any other single channel. Usually they are scammers, and users need to be extremely careful.