in ,

Axie Infinity, NFT and other projects were the victims of a phishing attack

Axie Infinity, NFT and other projects were the victims of a phishing attack
Source: Axie Infinity / Twitter

Several large collections of NFTs and crypto projects, including a game Axie Infinityin which you need to make money, were compromised, and the attackers published phishing links that appear to be NFT mint.

Some other affected projects include popular NFT collections Moonbirds and PROOFvirtual sneaker company RTFKT, the Memeland payment network, and the social graph protocol CyberConnect, among others, according to blockchain security company PeckShield.

Axie Infinity has confirmed that its Discord server has been compromised.

“The MEE6 bot that was installed on the main Axie server was compromised,” Axie Infinity said. – Attackers used this bot to add permissions to Jiho’s fake account [Джефф Зирлин, соучредитель Axie]which then posted a fake mint ad.”

The team noted that they removed the fake ads, adding that “there will be no more surprise.”

Some other projects have also confirmed the attack, suggesting that the widely used MEE6 Discord bot may have been compromised.

“Looks like the MEE6 bot has been compromised. Please do not click on any links in our discord,” Memland wrote on Twitter.

However, the MEE6 team has apparently denied allegations that the bot was compromised. “MEE6 has not been and never will be compromised,” a team member posted on Discord.

The MEE6 bot allows users to create teams that automatically assign and remove roles and send messages in the current channels or in the user’s private messages, according to its website.

Meanwhile, NFT educator and Discord security auditor Skits stated that the attack was actually related to a phishing scam that compromised admin accounts and used MEE6 features to hide which admin accounts were compromised.

“First, they will hack the administrator account. Second, they will create a react role feature from MEE6 to provide an alternate account administrator,” Skeets said. “Using this method, they will be able to send webbook messages while hiding who the compromised administrator account is.”

Skeets also shared a screenshot of what appears to be dialogue between the attackers, who appear to be a “large group” where one scammer confesses to stealing over a million.

What do you think?

Leave a Reply

Your email address will not be published.

GIPHY App Key not set. Please check settings

Browns' Deshaun Watson undergoes first meetings with NFL investigators: report

Browns’ Deshaun Watson undergoes first meetings with NFL investigators: report

Mickelson's absence from PGA Championship felt by his peers

Mickelson’s absence from PGA Championship felt by his peers