A new NFT platform, Rare Bears, was compromised in a phishing attack that enabled the perpetrator to steal $800,000 worth of NFTs from top collections. Users also transferred 73 ETH to the exploiters.
According to the security and blockchain analysis firm PeckShield, the attacker gained control of the platform’s Discord server after posting a phishing link. The successful attack gave access to the account of ‘Zhodan’, a moderator, which was enough to win the trust of other members.
After gaining full control of the head account on the Discord channel, the perpetrator removed other authorized members who could have become obstacles to the phishing campaign. He then posted a fake link about a new mint of NFTs, which was created to steal funds from users’ wallets.
The attacker also added a bot that froze all the channels on the server, cutting off internal communication about the phishing links. This move helped him carry out the attack quietly, before anyone knew about it.
The list of stolen NFTs contains 1 mfer, 4 CloneX, 4 Azuki, and 6 Land tokens used for The Sandbox metaverse.
In a tweet, Rare Bears urged users “Do *NOT* fall prey” to the perpetrators, as some users had transferred their ETH to them.
The attacker sold most of the stolen NFTs, netting 286 ETH. To convert the proceeds to fiat, the hacker used Tornado Cash, a tumbling platform.
However, according to the latest update, Rare Bears was audited by the security consultancy ‘Pandez’ to identify the nature of the attack and prevent any possible future attack. Pandez helped the platform regain control of the server and return ownership of the head account to the Rare Bears team. The platform claims that the “server is secure from another attack like this”.
Recently, many NFT platforms and marketplaces have suffered a similar pattern of phishing attacks. One of the largest NFT marketplaces, OpenSea, was compromised in a phishing attack that led to the loss of $1.7 million worth of NFTs for users.