• TRM Labs has linked the recent NFT hacks to a 'wider group'
  • NFT projects lost $22 million in May alone, and cases jumped 55% in June
  • Blockchain security firm Halborn says that the threat comes from China

Attacks on NFT projects implemented via their Discord channels have risen significantly, Web3 security firm TRM Labs has said, adding that most of these attacks are likely associated with “a wider group” of hackers.

In an in-depth analysis, TRM Labs stated that over 100 reports of Discord channel hacks have been filed with Chainabuse, a community-led scam reporting platform operated by TRM Labs, in the last two months, and in May alone the losses were worth over $22 million.

The firm noted that 10 similar attacks were witnessed on June 4 with some projects like Bored Ape Yacht Club (BAYC) being hacked twice. In June, there was a hike of 55% in NFT-based attacks compared to May.

"Since 2022, we've seen these compromises happening at scale, specifically on Discord," TRM Labs investigator Monika Laird told Decrypt on Wednesday.

TRM Labs stated that the tactics used to scam Discord users in most hacks are similar and make use of "sophisticated social engineering, such as phishing and fraudulent accounts pretending to be an administrator" or exploitation of bot vulnerabilities, followed by tweaking "administrator settings to ban Discord moderators from interfering with the hackers’ operations."

"A review of more than 15 notable Discord compromises targeting NFT servers and analysis of on-chain and off-chain data by TRM investigators suggest that dozens of these recent account compromises are likely related. Some of the linked compromises include well-known NFT Discord project accounts such as BAYC, Bubbleworld, Parallel, Lacoste, Tasties, Anata, and a dozen others," TRM Labs' report stated.

Talking about the series of attacks on NFT projects, Yuga Labs, the creator of BAYC NFTs, asked users to be safe and vigilant last week.

"It isn't necessarily that Discord in and of itself has a weakness, but it just makes it a very target-rich environment," Chris Janczewski, head of global investigations at TRM Labs, said. "If you're looking for people that own NFTs, you go to a place where they're all hanging out, and you have a point to be able to make [contact] with them."

In another report which will be released on Thursday but was previewed by Decrypt, blockchain security firm Halborn was able to pinpoint the region from which these NFT attacks were launched. According to Halborn, the threat is originating from China.

"Our analysis indicates that this attack came from a Chinese group that aims for high-value individuals," Alpcan Onaran, Halborn offensive security engineer, told Decrypt. "We are expecting a logarithmic increase in advanced persistent attack (APT) activity and also expect to see different adversaries targeting Web 3.0 companies and individuals."

Enthusiasts promote NFTs as a user-friendly entry into the crypto space
Enthusiasts promote NFTs as a user-friendly entry into the crypto space AFP / Justin TALLIS