Rare Bears falls victim to a phishing scam that claimed $790,000 only a few days after launch
A hacker stole about $790,000 worth of NFTs and other cryptocurrencies from owners of the freshly launched Rare Bears collection. The NFT collection was created by New Zealand-based digital “Enox” and was only made public last week. It comprises 2,400 cartoon-themed bears.
The culprit was able to acquire unauthorized access and appear as an official moderator on the server due to the project’s Discord group’s compromised security, according to the project’s team.
On Discord, the attacker sent out a message announcing the release of a new NFT mint, followed by a link to a phishing site. Another Twitter user is known as “steldes” shared a screenshot of the fake announcement on the Discord server, which included the scammer Zhodan.
The hoax statement stated that 1,000 more rare NFTs would be added to the collection, with a mint price of 0.1 ETH (US$280). The website hosted a malicious smart contract that gave the attacker control over the victims’ wallets when they interacted with it. As a result, the hacker stole 179 NFTs and other assets belonging to everyone who participated in the mint.
Despite Rare Bears administrators’ best efforts to alert the community of the security breach, the offender was able to flee with over 179 NFTs, including Rare Bears assets as well as CloneX, 3landers, Azuki, and mfer.
The victims’ crypto assets were also frozen, allowing the offender to flee with 286 ETH ($790,000) after quickly reselling the assets. The 72.3 ETH was transmitted across three wallets (which are likely under the hacker’s control), with the remaining 213 ETH being routed through mixing service Tornado Cash.
Despite Rare Bear launching 2,400 NFTs relatively successfully just a few days before the scandal (with its public mint becoming operational on Sunday), as well as acquiring its LAND in The Sandbox, the situation can most surely be labeled as a frightening start for its community, and further, it serves as a rather explicit reminder to stay vigilant when navigating this sometimes-unreliable space, particularly on Discord.
Many NFT platforms and marketplaces have recently been targeted by phishing attacks. Opensea, one of the largest NFT markets, was hacked in a phishing assault that resulted in users losing $1.7 million in NFT.
Suspicious links should always be treated with caution.
