Virtually every cryptocurrency has been crashing for at least a month—and it keeps getting worse. This has led major cryptocurrency companies Crypto.com, Gemini, and Coinbase to lay off 5 percent, 10 percent, and 18 percent of their staff, respectively. But there is one group that’s still thriving in the crypto world: Discord hackers.
In the first two weeks of June alone, hackers have compromised dozens of Discord servers, seven of them in just the last three days. One blockchain analyst tallied 41 hacks occurring between June 1 and June 10, and the popular “Web 3 is going just great” project, which chronicles hacks, scams, lawsuits and other bad news in the world of crypto, counted several more recent breaches. (Motherboard confirmed a sample of 24 of these hacks.)
Even as cryptocurrencies crash and the money going around the whole ecosystem is slowing down, there’s still some to steal, which explains why hackers haven’t stopped during the so-called “crypto winter.” Targeting Discord servers and channels is also a great way for hackers to simultaneously target thousands of people who hold cryptocurrencies and NFTs.
Usually, hackers take over the accounts of administrators and post an announcement with a malicious link, or use the admin’s account to push out similar announcements using the bots that the admins have control of. In both cases, from the perspective of the users, these are messages coming from people or bots that are part of the daily routine of the Discord server, which makes them trustworthy. And that’s why they are so successful.
Hackers can also target multiple servers at the same time by compromising bots that are used by several crypto projects. In May, during another string of hacks targeting NFT projects’ Discord servers, hackers were able to hit multiple projects at the same time by taking control of the Discord bot MEE6, a tool that helps Discord server owners automate welcome messages, announcements, and other events.
At the time, the MEE6 Twitter account said that the root cause of the hacks was that one of its employees was hacked.
It’s unclear if the recent string of hacked Discord servers was also done by compromising a bot used by different projects or by targeting individual projects, or with a combination of both strategies.
In an email, a Discord spokesperson said that the company “takes the safety of all users and communities very seriously, including social engineering attacks like the ones you’ve shared.”
“While there are clear controls in place, we are always working to make it harder for attacks to happen and continue to invest in education and tools to help protect our users,” the spokesperson’s statement read.
Ultimately, as Motherboard reported at the end of May, these hacks are happening because Discord was never built for users and servers that required a high level of security.
“[Discord] is not built with the idea of enshrining secure communications, it is not built with the idea of thorough privacy in mind. It is not built with the idea of very focused almost [Advanced Persistent Threat] level attackers. Some of these scam groups must have dozens or hundreds of employees in them,” Mitchell Amador, the CEO of blockchain security firm Immunefi, previously told Motherboard. “They're effectively corporations that are professional and dedicated to achieving these outcomes. And they are just ripping through Discord. It was never built to protect against such a dedicated attacker who is targeting such a vast swathe of accounts.”
UPDATE, June 15, 11:53 a.m. ET: This story was updated to include Discord’s comments.