Phishing Attack on Rare Bears Discord, Scammer Stole $800K in NFTs
In the incident, the Discord account of a Rare Bears NFT project moderator was hacked and a phishing link was sent from it, draining user wallets.
According to on-chain research, most of the NFTs were sold, netting the hacker 286 ETH, worth approximately $795,500. The majority of that sum was immediately sent through Tornado Cash, a crypto mixer used to hide the source of funds.
According to blockchain security firm PeckShield, the attacker was able to steal 179 NFTs, including Rare Bears and NFTs from other collections: CloneX, Azuki, a "mfer" from artist Sartoshi, 2 "3Landers" and 6 LAND tokens used for The Sandbox metaverse.
Plenty of similar phishing attempts have surfaced on Discord in recent months, implying that certain teams should pay closer attention to the security of admin accounts. The Rare Bears team announced earlier today that it has recruited security specialist and auditor "Pandez" to conduct a complete security assessment of its Discord server.
According to a Rare Bears team update, the hacker got access to the account of "Zhodan," a Rare Bears Discord moderator, and issued a statement within the group's channel announcing a new mint of NFTs. Of course, it was a fake - a phishing link designed to drain users' accounts.
The security audit discovered that the account of the head of the project's Discord had been hacked. Using the compromised account, the attacker then banned other members from the server or revoked their roles, removing their ability to delete the phishing link. The attacker then invited a bot to the server, which froze all channels and prevented others from publicly revealing that the postings and links were fraudulent.
The team was able to reclaim control of the server, removing the compromised account and transferring ownership to a new one, and the server is now secure against further attacks, according to Rare Bears.