Solana NFT project Monkey Kingdom in Hong Kong, which is sponsored by the well-known American DJ Steve Aoki, became another victim of phishing, with hackers stealing $1.3 million worth of cryptocurrencies from the project’s community. The information about the incident was revealed on the company’s Twitter page, where it was stated that hackers used a flaw in their Discord server to steal the money.
How the Attack Unfolded
The Grape Protocol Breach
This cyberattack started off with a breach in Grape, which is a popular Solana protocol for authenticating community members. It is through Grape that hackers took advantage of the vulnerability and gained access to the Monkey Kingdom Discord server admin account.
The Phishing Link
After gaining access, the intruders placed a fake link in the announcement section of the server. Users who clicked on the link in anticipation of getting an NFT airdrop ended up with their Solana tokens being drained without any knowledge of what happened.
Worst Possible Timing
This hacking incident took place at the worst possible timing because there was a queue by users awaiting the second NFT airdrop.
About Monkey Kingdom
- It includes a total of 2,222 algorithmically generated NFTs based on Sun Wukong, “The Monkey King,” from Chinese folklore.
- Regarded as one of the most successful Asian NFTs to have been created so far.
- Funds raised through the initial release went towards aiding Asian communities across the globe.
Impact and Community Response
Victims Come Forward
One of the victims of this scam, whose Twitter username is “commenstar,” lost 650 SOL worth about $120,400 from their account.
Compensation Fund Launched
Monkey Kingdom took immediate steps despite such a dangerous breach in security:
- A special compensation fund has been set up for the victims
- The project is confident that it will fully refund the affected users
- No further information regarding timelines has been provided as yet
A Broader Pattern of Discord Exploits
This is not an isolated case. In the last year, crypto fraudsters have continued to spot Discord as a prime attack vector, compromising admin accounts and creating phishing announcements bots on various NFT community channels. Indeed, phishing attacks on Discord have been one of the most consistent and destructive vectors in the NFT environment in recent months.