Hackers have exploited a popular Discord bot to deceive users into clicking malicious links inside Discord servers of several popular nonfungible tokens (NFT) projects.

Blockchain cybersecurity firm PeckShield published an alert via Twitter, warning that several NFT Discord servers were compromised. According to Vice, the hackers targeted Memeland, PROOF/Moonbirds, RTFKT, as well as the Web 3 infrastructure company CyberConnect. 

CyberConnect later confirmed the hack, asking users not to click on any link. “We will never ask for your private key on Discord!” the company tweeted, noting the CyberConnect team is working to resolve the situation with the bot’s security in their server. 

Memeland also alerted users on Twitter and Discord. “A discord bot (mee6) seems to be compromised across various high profile servers, including Proof/Moonbirds, RTFKT, PXN, and us,” a Memeland team member wrote. “Stay vigilant all the time. Deauthorize unused/unknown apps in your settings. Do not click on any links. And as always: DON’T TRUST. VERIFY.”  

Several Discord Channels for some of the most popular NFT projects have been compromised in recent months. In April, Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz, had all Discord accounts hacked and abused. Earlier in May, several Discord servers for the NFT marketplace OpenSea were hacked. 

The string of attacks exposes security weaknesses in NFT Discord channels. Roger Grimes, a data-driven defense evangelist at KnowBe4, says, “The key lesson here is that anyone in the potential attack chain of cryptocurrency or NFTs has to be secured as if they were a high-security government agency.” Grimes says cryptocurrency and NFTs are different and very attractive to attackers. “When an attacker finds a vulnerability in cryptocurrency or NFTs, it almost always directly leads right to value theft, and the victim almost always has no way of recovering that stolen value. The immutability of the blockchain cuts both ways, and sometimes it is not on the side of the good actor.”

All NFT and cryptocurrency services have to start acting like the high-risk targets that they are, Grimes says. “They have to lock down all devices and software with high-security configurations, require phishing-resistant MFA to log in, run application control problems backed by a secure hypervisor chip, aggressively patch all exploitable software and aggressively educate their employees on how to recognize and prevent phishing attacks,” Grimes adds.