Soon to debut NFT platform, Fractal, suffered a security breach where a scammer hacked the announcement bot in the startup’s Discord channel, sending phishing links to over 100,000 people asking them to pay for a new NFT airdrop.
On Tuesday, the platform acknowledged the attack and reported that 373 users were affected, with the hacker getting away with approximately 800 sol which roughly translates to somewhere around $150,000. The startup, funded by founder Justin Kan’s GOAT Capital Fund, has already pledged to pay the duped users back.
The message promised users access to 3,333 NFTs to celebrate the startup’s success but instead took them to a minting site where they ended up paying but got nothing in return. You see, the link included in the message pointed to fractal.is but with an ‘l’ instead of the ‘i’, taking users to a completely different site. Fractal’s actual platform was due to launch this week.
Up for a shaky launch
As mentioned above, the startup promised to pay the users back, urging them not to delete their wallets as they have no way of verifying who the wallet users are except returning the funds to the drained wallets. Fractal already has a list of all the 373 wallets duped, so the affected users need to sit tight.
The platform further asked users to exercise caution as they may not be able to cover future losses. They’re working with Discord’s Trust and Safety team to do a full security audit of their Discord server in addition to working with other potentially impacted Discord communities to track the hacker down.
NFT airdrops sell out rather quickly, making the NFT market rather opportunistic to seize every chance they can. As you can guess, this can trump caution at times and can be dangerous for those new to the market.
Another Solana-based marketplace, Monkey Kingdom, was hacked several hours earlier for about $1.3 million worth of crypto. Both these attacks have taken place on Discord, which means the platform itself needs to check its user verification methods.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.