Solana (SOL)-based non-fungible token (NFT) project Monkey Kingdom had its official Discord server hacked on Tuesday during a presale, allowing a cyber thief to run away with nearly USD 1.3m worth of digital assets. The incident is another stark reminder to be extra careful and not to fall into phishing traps.
The incident marks one of the largest NFT project hacks to date, reminding every crypto user, particularly NFT investors, of the risks involved with this emerging industry.
Meanwhile, the hacker targeted the presale of the Baepes, a collection of 2,221 female Wukongs NFTs added to the Monkey Kingdom family. Minutes after the presale started, the project’s Twitter account announced that due to an overload of traffic, their website is currently down.
Subsequently, they informed the community that their Discord channel has been hacked and a phishing link has been published, warning users not to follow the link.
Our Discord channel was hacked and a phishing link was published on our Announcement channel. Do not click the link and if you clicked the link, disconnect your wallet ASAP.
— Monkey Kingdom (@MonkeyKingdom_) December 21, 2021
“Since the morning of 21 Dec 2021, our discord was flooded with thousands of bots impersonating Monkey Kingdom or Baepes announcement. They DM-ed our users directing them to suspicious websites that require them to connect their wallets,” The project detailed.
According to the team, a hacker first used a breach in Grape, a protocol for building token-based membership communities on the Solana blockchain, to take over an administrative account and post a fake link to minting the NFTs.
We've just discovered that one of our setup admins got hacked 7 days ago
For sure this affected the @fractalwagmi and @monkeykingdom_
The hackers are using an exploit involving Discord webhooks
Everyone should check their webhooks immediately
We'll update as we learn more pic.twitter.com/4iGskOnwmw
— Grape Protocol (@grapeprotocol) December 21, 2021
Users who clicked the link and proceeded to authorize the purchase with the expectation of buying an NFT were robbed of their SOL tokens.
Following the incident, some users revealed that they have lost as much as SOL 650 (currently USD 116,200). In total, the team estimates that the hacker got their hands on over SOL 7,000 (USD 1.25m).
Guys I got drained 650 $SOL.
It is one my biggest mistake.
I am always recommending people using burner but I was nervous and fomo the Monkey Kingdom Mint. Never thought it was not a legit mint link in official discord.
It is important money to my family: my wife, my son. pic.twitter.com/rtWbCu81Ga
— commenstar (@commenstar) December 21, 2021
The Monkey Kingdom team has pledged to compensate affected users. “Monkey Kingdom community, we have your back! We have begun processing compensation requests and will be contacting individuals starting today,” they said.
Backed by American DJ Steve Aoki, Monkey Kingdom is the 8th most popular NFT project on Solana. The collection consists of 2,222 algorithmically generated NFTs inspired from Sun Wukong, otherwise known as The Monkey King in Chinese folklore. As of now, the project has a market capitalization of just over USD 20m and a floor price of SOL 55 (USD 9,832).
Source: Cryptonews