• Hacking of NFT projects using their official Discord groups

  • Another attack method has just come to light with the disclosure that two NFT projects were compromised in the same way: the hackers used webhooks to get access to their Discord groups. The victims were the Monkey Kingdom NFT collection and Fractal, an in-game marketplace.

    The hack occurred on December 21st, just as both projects were preparing to distribute prizes to their early supporters. Monkey Kingdom was about to launch a presale, and Fractal was about to thank its fans with an airdrop in the coming days.

    These are common tactics used by NFT projects to generate interest and support for their projects.

    What happened?

    Everything seemed normal at first as the projects prepared for the drops. Then messages began to appear in the ‘Official Announcement’ channels of their Discord groups, claiming that a previously unannounced mint would be held to reward community members.

    Because many projects can sell out in minutes in the crypto realm, everyone is prepared to move quickly. As a result, when the “formal announcement” was made, hundreds of community members from both projects leaped at the chance.

    To receive their NFT, they were instructed to click a link and provide their address. Instead of receiving the aforementioned NFT, they had their Solana stolen from their wallets.

    Soon after, both Monkey Kingdom and Fractal tweeted that their Discord groups had been hacked.

    According to The Verge, the attack cost Fractal cryptocurrency worth $150,000, while Monkey Kingdom was hacked for $1.5 million.

    How were the NFT projects compromised?

    The breach did not target the blockchains on which the projects are hosted. Rather, the attackers exploited flaws in the projects’ Discord service, where community members congregate. They also played on the fear of missing out (FOMO) on a drop, which is common in the NFT economy.

    In other words, one of the main selling points for practically all NFT initiatives has been used against them.

    Through webhooks, the hackers got access to the Discord groups. They were able to broadcast messages to the entire group via the ‘official announcement’ channel after hacking the channel.

    The initial intrusion was traced back to a phishing attack on an employee of Grape Network, a company that supplies community management tools to numerous NFT projects.

    Dean Pappas, the firm’s founder, acknowledged to The Verge that the attack targeted one of his employees. “This is one of those things that truly affects you, both professionally and in terms of pride,” Pappas said. “This is a challenging scenario.”
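
The webhook route described above can be checked for on the defender's side. The following is an added example, not code from the article or from any of the projects named: it audits a server's webhook inventory for Incoming webhooks that can post to an announcement channel or were created outside an admin allowlist. The JSON is constructed sample data shaped like Discord's guild channel and webhook listings; `TRUSTED_CREATORS` and `audit_webhooks` are hypothetical names.

```python
# Added example: constructed data shaped like Discord API responses.
ANNOUNCEMENT = 5   # Discord channel type GUILD_ANNOUNCEMENT
INCOMING = 1       # webhook type Incoming: posting needs only the URL/token

# Constructed sample of GET /guilds/{guild_id}/channels (trimmed fields)
CHANNELS = [
    {"id": "100", "type": 5, "name": "official-announcements"},
    {"id": "101", "type": 0, "name": "general"},
    {"id": "102", "type": 0, "name": "mod-log"},
]
# Constructed sample of GET /guilds/{guild_id}/webhooks (trimmed fields)
WEBHOOKS = [
    {"id": "900", "type": 1, "channel_id": "100", "name": "Community Tool",
     "user": {"id": "555", "username": "vendor-staff"}},
    {"id": "901", "type": 1, "channel_id": "102", "name": "Audit feed",
     "user": {"id": "1", "username": "project-admin"}},
    {"id": "902", "type": 2, "channel_id": "101", "name": "Followed news",
     "user": {"id": "1", "username": "project-admin"}},
    {"id": "903", "type": 1, "channel_id": "101", "name": "Old integration"},
]
TRUSTED_CREATORS = {"1"}  # assumption: user IDs of the project's own admins


def audit_webhooks(webhooks, channels, trusted_creators):
    """Return (webhook_id, channel_name, reasons) for webhooks worth review."""
    by_id = {c["id"]: c for c in channels}
    findings = []
    for hook in webhooks:
        if hook.get("type") != INCOMING:
            continue  # only Incoming webhooks carry a token for posting by URL
        channel = by_id.get(hook.get("channel_id"), {})
        creator = (hook.get("user") or {}).get("id")
        reasons = []
        if channel.get("type") == ANNOUNCEMENT:
            reasons.append("posts to announcement channel")
        if creator is None:
            reasons.append("creator unknown")
        elif creator not in trusted_creators:
            reasons.append("created by account outside admin allowlist")
        if reasons:
            findings.append((hook["id"], channel.get("name", "?"), reasons))
    # Announcement-channel findings first: they reach every member
    findings.sort(key=lambda f: "posts to announcement channel" not in f[2])
    return findings


if __name__ == "__main__":
    for hook_id, chan, why in audit_webhooks(WEBHOOKS, CHANNELS, TRUSTED_CREATORS):
        print(f"webhook {hook_id} in #{chan}: {'; '.join(why)}")
```

Webhooks flagged on an announcement channel are candidates for deletion or for moving to a channel with a narrower audience.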

    How did the NFT projects respond to the hack?

    Monkey Kingdom has reported that further security measures have been implemented and that funds have been gathered to compensate victims of the hack.

    Fractal has relaunched (with enhanced security) and refunded all those harmed by the hack.

    Afterthought

    Not everyone out there has good intentions; there are many people who want to grab your money. Always use caution, and best of luck out there.
