The leading play-to-earn NFT game Axie Infinity confirmed on Twitter that it faced an attack on its Discord server leading to a compromise of its MEE6 bot.
MEE6 is a discord bot that is used by many crypto projects for automating tasks and messages. The attackers utilized the hacked bot to provide permission to a fake Jiho account, then released a fake mint announcement.
The team was able to eliminate the fraudulent messages as well as the compromised MEE6 bot from the main server. They cautioned that many users may continue to see the fake message until they restart Discord.
The Axie Infinity team will keep updating its users on the situation via Twitter, Discord, Substack, and Facebook at the same time.
Similar concerns plagued several projects that have the MEE6 bot installed on their servers. The admin accounts of RTFKT, PROOF/Moonbirds, PXN, Memeland, and Cool Cats, and some others have been compromised.
The official Mee6 account later clarified that there was no technical breach in their systems, but one of their employee’s accounts was compromised.
The Mee6 team stated that the issue is now fixed and they will make sure things like this will not happen again.
According to Discord security experts, the hackers most likely targeted admin accounts first in order to use the MEE6 reaction role capability to grant an alternate account admin.
The technology allows attackers to send web book messages while hiding the administrator account that has been compromised. Rather than attempting to identify the compromised account, the best solution is to remove MEE6 as soon as possible.
The breach of the Discord bot comes less than a month after one of the largest heists on Axie Infinity’s Ronin bridge, which resulted in the loss of over $600 million in crypto assets.
The P2E game community’s faith in Axie Infinity, which was previously seen as a groundbreaking endeavor in the gaming world, has been shaken by a series of security breaches.
