Social Account Takeover

Description:

A project's social networking account is also vulnerable to takeover by a malicious actor, who can then spread false information that leads users to inadvertently give up their assets.

The attack starts with the attacker compromising the DeFi project's Discord server. Attackers commonly use techniques like phishing, social engineering, bots, etc. to compromise social accounts such as Twitter accounts or Discord servers.

After compromising the account, scammers succeed when they can trick users into connecting their wallets to malicious websites. They usually send out links to promotional giveaways and “exclusive” NFT mints, pushing people to jump onto these malicious websites by creating a false sense of urgency and provoking FOMO (fear of missing out) among users.

Remediation:

Users should be aware of the common attack techniques that scammers use against them, like social engineering, phishing attacks, etc. Always double-check any links sent to you via Discord or any other channel.
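
One way to make the "double-check any links" step mechanical, as an added example that is not part of the original page: every link in an announcement is compared against the domains the project actually controls, and anything else is flagged along with giveaway or urgency wording. The domain `exampledefi.org`, the lure term list and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the project really controls (placeholder name).
OFFICIAL_DOMAINS = {"exampledefi.org"}
# Constructed lure wording: giveaways, "exclusive" mints, urgency.
LURE_TERMS = ("giveaway", "exclusive", "free mint", "hurry", "last chance")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Host the browser would contact (no port, no userinfo), lowercased."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. an unclosed "["
        host = ""
    return host.rstrip(".")

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def review_message(text):
    """Return (url, host, reasons) for each link that fails the check."""
    lowered = text.lower()
    lures = [t for t in LURE_TERMS if t in lowered]
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)]")  # drop sentence punctuation
        host = link_host(url)
        if is_official(host):
            continue
        reasons = ["host is not an official project domain"]
        if any(d.split(".")[0] in host for d in OFFICIAL_DOMAINS):
            reasons.append("host reuses the project name")
        if "xn--" in host or not host.isascii():
            reasons.append("internationalized host name")
        if lures:
            reasons.append("lure wording: " + ", ".join(lures))
        findings.append((url, host, reasons))
    return findings

# Constructed sample announcement; all hosts are placeholders.
SAMPLE = ("Exclusive giveaway, hurry! Mint now: https://exampledefi-mint.example/claim "
          "or https://exampledefi.org.claims.example/connect. "
          "Docs: https://docs.exampledefi.org/start")

if __name__ == "__main__":
    for url, host, reasons in review_message(SAMPLE):
        print(f"DO NOT TRUST {url} ({host}): " + "; ".join(reasons))
```

The match is on the registered domain suffix, so a host that merely starts with or contains the project name is still rejected.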

Reference:

https://medium.com/quillhash/analysing-nfts-discord-server-hacks-quillaudits-46f8d874f913