Collectors of Rare Bears, a recently established NFT project, have lost around $790,000 in NFTs and other cryptocurrencies as a result of a phishing attempt.
Rare Bears is an Ethereum NFT collection of 2,400 cartoon-themed bears. It was designed by Enox, a New Zealand-based digital artist, and was released last week through a public mint.
An unknown user got illegal access to the project’s Discord server on Wednesday and posed as an official moderator. This allowed them to distribute a phishing link aimed to steal people’s money.
“Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team [is] working on the situation as we speak,” said Rare Bears in a post on Twitter.
The culprit sent out a message claiming that there was a new NFT mint, along with a link to a phishing website. On Twitter, a user known as “steldes” shared a screenshot of what looks to be the phony announcement made by the person posing as a Discord moderator named Zhodan. They announced in the release that a further 1,000 uncommon NFTs would be added to the collection at a mint price of 0.1 ETH ($280).
The website, according to security firm PeckShield, housed a malicious smart contract that, when clicked with, gave them control over the victims’ wallets. The hacker used this control to steal 179 NFTs and other assets belonging to everyone who participated in the mint. Rare Bears and other high-value goods from popular collections such as CloneX, Azuki, mfer, 3landers, and Sandbox were among the stolen NFTs.
Beginning at 7:34 PM UTC on Wednesday, the hacker transferred the assets to their Ethereum address. Shortly after, the majority of the NFTs were sold one by one for a total of 286 ETH, or $790,000. 213 ETH was routed through the mixing provider Tornado Cash, while the remaining 72.3 ETH was transmitted across three wallets, most likely under the hacker’s control.
While it is unknown how the Discord was breached, the author of Rare Bears speculated that a hacked device was to blame.
Similar phishing assaults on NFT owners have occurred in the past on Discord. Someone took $340,000 in ETH from the Creature Toadz NFT project in October 2021 using a phishing link, only to restore it to their victims later.
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.