$38 000 USD
DESCRIPTION OF EVENTS
"IMX Bears is a collection of 1,400 unique cute pixelated bears consisting of 200+ hand drawn traits. IMX Bears launches on Immutable X, Layer 2 Ethereum, meaning there will be no gas fees for all transactions. As an IMX Bears holder, you will receive exclusive access to 'The Cave', the IMX Bears DAO!"
"We are almost at 90k discord members!! Come join the party we still have 400 whitelist spots to giveaway!"
"OCT 18th @imxbear was hacked the w/ Webhooks. Approx. 80ETH stolen (not returned)." "The scammer used a Webhook to create a URL to send msgs to the Discord."
"Our discord was hacked. We caught and banned the hacker within 3 minutes. Our launch is in November! Please only use official links and don’t interact with anything that says “free airdrop” or “stealth mint”" "Here is a post regarding our discord being hacked last night."
"I thought mods could not post in announcements. He was able to give himself the "bot" role allowing him to bring bots in to post in announcements. This was an over look by us. We blew up very fast and had a lot of work to do so for this mistake I'm sorry."
"Of course we couldn't tell the future and know one of our mods would be hacked. He will not be allowed back in the discord."
"We went through and banned all the bots. Good news is the server is now secured! Moving forward we made sure all of our mods accounts were secured and made them turn on [2F]A. We take security very serious. We added captcha bot to the discord aswell. The[re] will never be any 'stealth drops' or staff DMing you about 'free drops'. If it sounds too good to be true it probably is!"
"We will compensate all the ETH that was scammed from our community!" "The hacker was able to take approximately 10 ETH from our community members. We are not okay with this!! We plan to give back all that ETH to the people were were a victim of this scam after launch. We will post more information on how we will collect the wallets in the future! We always have the communities back!"
IMX Bears is a limited collection of pixelated bear NFTs. On October 17th, the main discord channel of the project was hacked. The attacker set up a fake minting contract, which actually simply gave them any funds which interacted with it. Once the funds (just over 10 ETH) were obtained, they were brought through TornadoCash. The project removed the mod with weak security and has agreed to fully compensate all affected users.
HOW COULD THIS HAVE BEEN PREVENTED?
Never click links directly from a discord channel. Always go through the official website.
Projects need to pick their moderator teams with care, train them, and not give them any unnecessary permission levels. Greater education for all new investors would help reduce the risks of similar attacks.
@NFTherder Twitter (Jan 27)
@NFTherder Twitter (Jan 27)
https://mobile.twitter.com/imxbears/status/1450090759663783937 (Feb 2)
https://mobile.twitter.com/imxbears/status/1448715809841373184 (Feb 2)
https://mobile.twitter.com/imxbears/status/1449972583097589763 (Feb 2)
https://mobile.twitter.com/qweq1982darren/status/1449983905218449414 (Feb 2)
https://etherscan.io/address/0x9aee206b0b68b73f14dfdbd32f080553cd3fd4a2 (Feb 2)
https://coinmarketcap.com/currencies/ethereum/historical-data/ (Dec 20)
Crypto Father's tweet - "How $250,000 was stolen today from #bearx (surprising)... " - Trendsmap (Feb 5)
Redlion News (Feb 1)