Rare Bears faced phishing attack, attackers steals $800K in NFTs

Unique hand-drawn NFTs taking over the BearVerse, Rare Bears, has witnessed an attack where the hacker posted a phishing link on the project’s official Discord channel. This has led to a loss of $800,000 in NFTs.

blockchain security firm Peckshield analyzed the attack and said that the attacker has stolen 179 NFTs including Rare Bears and several other NFTs from different collections including a “mfer” from artist sartoshi, CloneX, Azuki, and six LAND tokens used for the famous The Sandbox.

PeckShieldAlert #Phishing ~179 #NFTs transferred to @BearsRare exploiters, including ~4 Clone Xs #CloneX, ~4 $Azuki @AzukiZen, ~1 #mfer @sartoshi_nft, ~2 #3landers @3landersNFT, ~6 $LAND @TheSandboxGame #TheSandbox #Metaverse #NFTs https://t.co/rtAVYTWIJr https://t.co/TyMLPfmlz4 pic.twitter.com/x15KK4Lkp7

— PeckShieldAlert (@PeckShieldAlert) March 17, 2022

As per the on-chain analysis, most of the NFTs have already been sold, leading to the attacker grabbing 286 Ethereum, worth $795,500. Most of the fund is put through a crypto mixer used to obfuscate the source of funds, Tornado Cash.

Rare Bears attacked through Discord

A slew of similar phishing attempts has surfaced on Discord in recent months with Animoca Brands losing 265 ETH, implying that some teams should pay closer attention to the security of admin accounts. The Rare Bears team announced earlier today that it has recruited security specialists and auditor Pandez to conduct a complete security audit of its Discord server.

According to the Rare Bears team, the hacker got access to the account of Zhodan, a Rare Bears Discord administrator, and issued a statement within the group’s channel announcing a fresh minting of NFTs is taking place.

🚨 Warning 🚨@BearsRare
Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak 🙏🏼

— Rare Bears vs Mare Bears (@BearsRare) March 17, 2022

The security audit discovered that the project’s head’s Discord account had been hacked. Using the stolen account, the attacker then banned or revoked other members’ roles from the server, therefore limiting their power to remove the phishing link.

The attacker then added a bot to the server, which froze all channels and prevented others from publicly revealing that the postings and links were fake.

Rare Bears said that the team was able to reclaim ownership of the server by removing the stolen account and transferring ownership to a fresh one and that the service is now secure against future attacks.

Before this, OpenSea also confirmed that it has been witnessing phishing attack when the users reported stolen NFTs.