APRIL 2022




"Millions of years ago, Comet Nyoki struck the peak of Mount Fuji… This wasn’t any usual comet but a one of a kind falling star." "Comet Nyoki brought thousands of different and special little species from another universe to Japan. These creatures were named after the comet that crashed down to earth… The Nyokies have lived their secret lives on Mount Fuji for many years, but in current times they are all ready to explore the streets of Tokyo… and eventually the world!"


"Unique, random Nyokies have been created by the founders of Nyoki Club, which include 2,732 characters in 3D and 4K resolution. Nyokies look like big clay modelled bears, have a bulky body, low shoulders, prominent ears, and large vertical eyes." "With nearly endless combinations, all Nyokies are guaranteed to be unique and seamlessly lovely." "Each Nyoki is one-of-a-kind artwork and will be available to be minted on the Ethereum Blockchain from April 10th."


"BlockSecAlert tweeted that Nyoki Club's Discord account was attacked at 6:30 am (UTC) on April 1st. In line with what appears to be an ongoing trend with big NFT projects, the Nyoki Club hackers have been spreading links to fake minting sites."


"Although we were not using the hacked bots in our server, Attackers were able to send a fake mint website as an announcement by using one of the Founder's access tokens. We believe the token was recorded while founder was verifying himself in a different server."


"We've decided to roll out public minting for 1,000 Nyokie NFTs up for mint as a thank you to all your guys' support." "As the Nyoki family, we always follow and support one another. Thank you to every one of you for your hard work and participation within this project."


"Hackers are mainly posing a fake phishing scam using the Discord Bot to disguise the fake links as legitimate new offerings. Vice confirmed that the link links users to two crypto wallets, such as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan, and that both wallets have experience extensive activity over the past few days as the hackers try to launder their stolen cryptocurrency."


"Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs. If users take users to legitimate NFT sites, the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains."


"Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack. We have taken everything under control in less than 30 minutes."


"We've tracked the transactions and confirmed that some of the members got scammed during the incident. Nothing to worry about, we are in contact with victims, and losses will be covered by Nyoki Club."


"Users are advised to stay alert at this time and refrain from clicking suspicious links posted on Discord servers." "Please deauthorize http://Captcha.bot from your discord account if you haven't already."


While Ticket Tool has not released an official announcement, they did offer this explanation: "A recent update I made to the add command had a bug allowing for some type of permission exploit. I've reverted the update to the previous uncompromised version and will be looking into exactly how this happened. The bot itself is not compromised beyond a very unfortunate bug."

Nyoki Club is a popular set of 2,732 NFT characters. On April 1st, their Discord server was attacked, with a fake link posted promising a cheap mint of 1,000 new Nyoki NFT characters. It is believed that the access token was compromised when one of the Admin accounts used the same token to validate on another Discord serer. It is unknown how many users were affected. Nyoki club has agreed to cover all losses.


It is recommended to be extremely cautious of any links posted on Discord, given the repeated hacks of the platform. Users need to be cautious with any posted links. Always check any communication against multiple official sources of a project.


Platforms should be extremely cautious regarding the permissions which are granted via Discord, and limit the access levels to critical functionality. Discord should improve their security and offer multi-signature permissions for key functions. Ideally, public groups should be managed from an exclusive account which isn't used for anything else.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.