UNKNOWN

APRIL 2022

GLOBAL

NYOKI CLUB

DESCRIPTION OF EVENTS

"Millions of years ago, Comet Nyoki struck the peak of Mount Fuji… This wasn’t any usual comet but a one of a kind falling star." "Comet Nyoki brought thousands of different and special little species from another universe to Japan. These creatures were named after the comet that crashed down to earth… The Nyokies have lived their secret lives on Mount Fuji for many years, but in current times they are all ready to explore the streets of Tokyo… and eventually the world!"

 

"Unique, random Nyokies have been created by the founders of Nyoki Club, which include 2,732 characters in 3D and 4K resolution. Nyokies look like big clay modelled bears, have a bulky body, low shoulders, prominent ears, and large vertical eyes." "With nearly endless combinations, all Nyokies are guaranteed to be unique and seamlessly lovely." "Each Nyoki is one-of-a-kind artwork and will be available to be minted on the Ethereum Blockchain from April 10th."

 

"BlockSecAlert tweeted that Nyoki Club's Discord account was attacked at 6:30 am (UTC) on April 1st. In line with what appears to be an ongoing trend with big NFT projects, the Nyoki Club hackers have been spreading links to fake minting sites."

 

"Although we were not using the hacked bots in our server, attackers were able to send a fake mint website as an announcement by using one of the Founder's access tokens. We believe the token was recorded while the founder was verifying himself in a different server."

 

"We've decided to roll out public minting for 1,000 Nyokie NFTs up for mint as a thank you to all your guys' support." "As the Nyoki family, we always follow and support one another. Thank you to every one of you for your hard work and participation within this project."

 

"Hackers are mainly posing a fake phishing scam using the Discord Bot to disguise the fake links as legitimate new offerings. Vice confirmed that the link links users to two crypto wallets, such as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan, and that both wallets have experienced extensive activity over the past few days as the hackers try to launder their stolen cryptocurrency."

 

"Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs. If users take users to legitimate NFT sites, the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains."

 

"Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack. We have taken everything under control in less than 30 minutes."

 

"We've tracked the transactions and confirmed that some of the members got scammed during the incident. Nothing to worry about, we are in contact with victims, and losses will be covered by Nyoki Club."

 

"Users are advised to stay alert at this time and refrain from clicking suspicious links posted on Discord servers." "Please deauthorize http://Captcha.bot from your discord account if you haven't already."

 

While Ticket Tool has not released an official announcement, they did offer this explanation: "A recent update I made to the add command had a bug allowing for some type of permission exploit. I've reverted the update to the previous uncompromised version and will be looking into exactly how this happened. The bot itself is not compromised beyond a very unfortunate bug."

Nyoki Club is a popular set of 2,732 NFT characters. On April 1st, its Discord server was attacked, and a fake link was posted promising a cheap mint of 1,000 new Nyoki NFT characters. It is believed that the access token was compromised when one of the admin accounts used the same token to validate on another Discord server. It is unknown how many users were affected. Nyoki Club has agreed to cover all losses.

HOW COULD THIS HAVE BEEN PREVENTED?

Users should be extremely cautious of any links posted on Discord, given the repeated hacks of the platform. Always check any communication against multiple official sources of a project.

 

Platforms should be extremely cautious about the permissions granted via Discord and limit access to critical functionality. Discord should improve its security and offer multi-signature permissions for key functions. Ideally, public groups should be managed from an exclusive account which isn't used for anything else.
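One way to act on the permission advice above is to audit which roles hold high-impact Discord permissions. The following is an added example, not code from Nyoki Club, Discord or this site; the bit positions follow Discord's documented permission flags, while the role names, the allow-list and the sample data are constructed assumptions.

```python
# Added example: audit Discord role permission bitfields for high-risk grants.
# SAMPLE_ROLES is constructed data shaped like the API's role objects
# (id, name, permissions as a decimal string, managed=True for bot roles).
HIGH_RISK = {
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}


def risky_flags(permissions):
    """Return the sorted high-risk flag names set in a permissions value."""
    bits = int(permissions)  # the API serialises the bitfield as a string
    return sorted(name for name, bit in HIGH_RISK.items() if bits & bit)


def audit_roles(roles, allowed=frozenset()):
    """Map role name -> findings for roles outside the allow-list.

    `allowed` (hypothetical) names the roles expected to hold these
    permissions, e.g. a dedicated administration account's role.
    """
    findings = {}
    for role in roles:
        flags = risky_flags(role["permissions"])
        if flags and role["name"] not in allowed:
            findings[role["name"]] = {
                "flags": flags,
                "bot_role": bool(role.get("managed")),
            }
    return findings


SAMPLE_ROLES = [  # constructed sample, not data from the incident
    {"id": "1", "name": "@everyone", "permissions": str((1 << 10) | (1 << 11)), "managed": False},
    {"id": "2", "name": "Founder", "permissions": str(1 << 3), "managed": False},
    {"id": "3", "name": "Moderator", "permissions": str((1 << 1) | (1 << 13)), "managed": False},
    {"id": "4", "name": "VerifyBot", "permissions": str((1 << 17) | (1 << 28) | (1 << 29)), "managed": True},
]

if __name__ == "__main__":
    for name, info in audit_roles(SAMPLE_ROLES, allowed={"Founder"}).items():
        kind = "bot role" if info["bot_role"] else "human role"
        print(f"{name} ({kind}): {', '.join(info['flags'])}")
```

Any bot role that appears in the output is a candidate for permission reduction or removal, since a compromised bot or token inherits everything the role can do.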

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.