Two Web3 security firms have released findings on the recent epidemic of breaches on NFT projects, which were likely carried out by a gang of hackers using hacked Discord server administrator identities.
According to a new report by TRM Labs, cyber assaults against NFT collections have progressively increased in 2022, costing the NFT community over $22 million in May alone. NFTs are blockchain-based tokens that represent ownership of digital or physical assets.
TRM Labs, a company specializing in digital asset compliance and risk management, states in its research that hacks tied to NFT minting schemes distributed via hacked Discord accounts surged by 55 percent in June 2022 compared to the previous month.
Monika Laird, an investigator at TRM Labs, told Decrypt in an interview, “Since 2022, we’ve seen these hacks occurring at scale, particularly on Discord.”
TRM Labs has received over 100 reports of hacked Discord channels via its Chainabuse reporting tool in the past two months. According to Laird, the assaults occur regularly and frequently target ERC-721 tokens, an Ethereum blockchain standard for non-fungible tokens.
On the on-chain side, she stated that the link between common consolidation points (exchanges, mixers) and wallets shows that the same people conduct the majority of these assaults.
Yuga Labs, the business behind the NFT status symbol Bored Ape Yacht Club, said last week on Twitter: “Our security staff has been monitoring a persistent threat organization that targets the NFT community. We suspect they will shortly conduct a coordinated attack using hacked social media accounts against different groups. Please exercise caution and be safe.”
According to TRM Labs, on-chain statistics indicate that many of the Discord hacks are associated with the same hacker that hacked the Bored Ape Yacht Club in June. Other targeted projects include Bubbleworld, Parallel, Lacoste, Tasties, and Anata, among others.
Since May, there have been over 150 compromises aimed at an administrative role inside a wider NFT project channel, Laird indicated. Once the hackers control the admin account, they send out links to promotional giveaways and “exclusive” NFT mints, creating a false sense of urgency to entice users to visit fraudulent websites.
Chris Janczewski, head of worldwide investigations at TRM Labs, explains, “Discord doesn’t need to have a vulnerability in and of itself; rather, it’s a very target-rich environment.” “If you’re seeking individuals who possess NFTs, you should travel to an area where they all congregate, and you should have a way to contact them.”
While hacks on Discord have been successful, Laird said that Twitter and Instagram accounts have also been hijacked recently.
According to TRM Labs, the rate at which the attacks are occurring and the fact that they occur across multiple blockchains indicate that they may be separate attacks by rival cybercriminals conducting scams simultaneously using “Scam-as-a-Service” tools, which are turnkey, pay-as-you-go services to launch attacks.
In a separate report scheduled to be released on Thursday and previewed by Decrypt, blockchain security firm Halborn cites an increase in threats against cryptocurrencies, pointing separately to the North Korean Lazarus Group, which the U.S. Treasury Department claims was responsible for the $622 million hack of the Axie Infinity Ronin Network.
While TRM Labs does not disclose the origin of the assaults, Halborn believes that the danger emanates from China.
“According to our study, this assault originated from a Chinese gang targeting high-value persons,” Alpcan Onaran, offensive security engineer for Halborn, told Decrypt through Telegram. We anticipate a logarithmic increase in advanced persistent attack (APT) activity and the emergence of new adversaries targeting Web 3.0 businesses and individuals.
To protect against these new risks, Onaran asserts that Web3 security should be evaluated from all angles, both technically and non-technically.
Janczewski explains, “There is a saying that there are no new crimes or frauds; only the old ones repackaged.”
Therefore, it makes sense that spear phishing, FOMO, and persuading individuals to act quickly and impulsively have shifted into the new area of NFTs.