On September 22, 2022, Boring Security tweeted about a new Discord scam that aims to steal authentication tokens from the creators of various NFT and Metaverse projects, using links to real NFT and Metaverse project websites to appear to be a legitimate partnership initiative.
Today, Boring Security released a report on how its founder became the target of the new Discord scam through a seemingly legitimate partnership request, with the perpetrator using Everdome as a cover.
According to Boring Security, the new scam targets crypto community servers and crypto project founders using real project website names.
As reported, these scammers act very professionally and solicit partnerships from the founders and managers of targeted Metaverse and NFT Discord communities, primarily using the names of upcoming crypto projects.
As the partnership discussions progress, the scammer tries to convince the targeted project representative to join a voice call for a tour of their beautiful website and their Metaverse land, which in this case belongs to another, real project. To take the tour, the representative is asked to click a provided link that has malicious JavaScript appended to the end.
The appended JavaScript steals the account authentication token from anyone who clicks the link, ultimately compromising the account and granting the scammers full access to it even with two-factor authentication enabled.
During the tour, the targeted representative or founder is asked to test-mint land using the Chrome browser. The site is not actually minting yet, so the mint fails. On that basis, the representative is asked to help debug the website using the Chrome developer tools.
Then the representative is given a small identifier to paste into the developer console. It acts as a reference that tells the scammers where the authentication token previously sent to them by the JavaScript in the visited link came from, i.e., the Discord server the person owns or serves as an admin.
As stated by plumferno.eth on Twitter, the compromised account can be fixed by changing the password associated with the account. Individuals are also advised not to use the developer tools unless they know what they are doing.