The weekend saw a coordinated attack targeting the Discord servers of several prominent blockchain projects. These attacks, all involving the distribution of malicious links promoting sham token giveaways, highlight the growing vulnerability of communication platforms within the crypto space.
Following the initial compromise of Polygon’s Discord server, which occurred less than 48 hours prior, layer-1 network Avalanche and layer-2 blockchain ZKsync also fell victim to similar exploits.
On August 25th, the official Avalanche account on platform X acknowledged the compromise and urged users to refrain from interacting with or clicking on any links within the server. Screenshots shared by Avalanche community members revealed that attackers posted deceptive links disguised as “distribution” schemes, offering free AVAX tokens to holders and community members.
Avalanche’s community lead, Ben Well, later confirmed that the team had identified and addressed the issue. However, efforts to fully restore the server to normal operations were ongoing.
Unfortunately, this brief reprieve was short-lived. Within just one hour of the Avalanche exploit, ZKsync’s official Discord server also reportedly came under attack. Hackers deployed a similar strategy, disseminating malicious links promoting a fake “round 2 airdrop” scheme that promised users free ZK tokens. While ZkSync has yet to officially address the incident on platform X, several team members have acknowledged the breach on Discord.
These attacks add another layer of concern regarding the security of Discord within the crypto community. Just two days prior to this weekend’s events, Polygon’s Chief Information Security Officer, Mudit Gupta, confirmed a similar breach on their Discord server. He subsequently warned users to avoid clicking on any links within the channel until the situation was fully resolved.
The impact of these attacks is not to be underestimated. One Polygon user, identified as ValidatorK, reported a loss of $150,000 worth of Ether after interacting with a seemingly legitimate announcement on the compromised Discord server.
Related: Popular Blockchain Platform Polygon’s Discord Channel Hacked, Users Warned of Phishing Attacks
This recent wave of attacks is unfortunately not an isolated incident. In March 2023, blockchain security firm CertiK uncovered a phishing scam targeting the Arbitrum Discord server. The scam, believed to be orchestrated through a compromised developer account, tricked users into clicking a malicious link disguised as an official announcement. Similar events unfolded on May 5th, when the Gnus.AI artificial intelligence network suffered a Discord-related exploit costing them an estimated $1.27 million.
These incidents underscore the importance of heightened vigilance within the crypto community. Users are urged to exercise extreme caution when interacting with links or announcements, even those seemingly originating from official sources on Discord servers. It is crucial to confirm their legitimacy through alternative channels before clicking or engaging.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.
About The Author
