$795 000 USD

MARCH 2022

GLOBAL

RARE BEARS

DESCRIPTION OF EVENTS

"The Rare Bears are taking over. They’re cute and sweet, but tough and street. The Bears have a cool retro vibe mixed with a futuristic cyber tone. They’re all about street art, graffiti, music, tech, fashion, and a few old-school video games. They’re down to cuddle once in a while, but if you cross a Bear it’s bad news. The Rare Bears are your ticket into the BearVerse with the most vibrant community around. More NFTs will drop, collabs will happen and more mediums will be explored. We’re bearly getting started."

 

"Official is an NFT collection that was created on March 09, 2022." "Iain Spanhake A.K.A Enox is a professional digital artist from New Zealand." "The Rare Bears are 2,347 unique NFTs from digital artist, Enox. The first collection released in March 2022 and our upcoming Mare Bear collection will be dropping in the second half of the year."

 

"Discord seems to be becoming a good “bait” for hackers to carry out phishing attacks on NFT collectors." "Holders of Rare Bears NFTs got scammed on the community’s Discord channel and lost almost $800,000 worth of digital assets in a phishing attack." "[A] new collection of NFT Rare Bears announced that its members had fallen victim to a similar incident and lost more than $790,000 in assets."

 

"An unidentified person got unauthorized access to the official moderator’s account on the Rare Bears’ server and shared a phishing link." "The fake announcement stated that additional 1,000 unique NFTs priced for 0.1 ETH were added to the collection and are ready to be minted." "The compromised account also invited a bot to lock all channels so no one on the server could warn other members about the NFT fake collection."

 

"[T]he attacker compromised the project head’s Discord account, who was the owner of the Rare Bears server." "According to a Rare Bears team update, the hacker got access to the account of “Zhodan,” a Rare Bears Discord moderator." "Then, the hacker posted an ‘official’ link in one of the channels, informing about a new release of NFTs. In addition, the unknown person disabled other members’ roles on the server and their ability to write or delete posts and warn about the phishing link."

 

"The team admitted to having multiple security breaches and confessed not taking appropriate security measures." "After regaining control of the channel and apologizing to the community, the founding members of Rare Bears announced a new member, Discord manager for security audits."

 

"After realising what had happened, the Rare Bears team managed to regain control of the server. The team members did this by transferring ownership to a new Discord account. They also publicly promised their members that this new account will never interact with members, click any links or accept friend requests."

 

"A detailed review from Peckshield showed that the hacker stole a combined 179 NFTs from the platform. Asides from the Rare Bears NFT, he was able to get his hands on others, including Azuki and some LAND tokens."

 

"In a detailed analysis, the hacker was said to have sold all the NFTs, recouping cash worth around $795,000 from the sales." "According to on-chain research, the majority of the NFTs were sold, netting the hacker 286 ETH worth approximately $795,500, the majority of which was immediately sent through Tornado Cash, a crypto mixer used to hide the source of funds." "After the sale, the hacker obfuscated funds through the known mixer, Tornado Cash."

 

"After the issue was solved, the Rare Bears team decided to compensate Rare Bears community members impacted by the cyberattack: 50 bear NFTs will airdrop on the 22nd of March."

 

“We are sorry this happened, we care and are trying to make this right as best as we can. We cannot bring back your money, but we can return 50 bears and future benefits,” Rare Bears founders said on Discord.

The Rare Bears NFTs are a set of NFT bears made by a New Zealand artist Enox. A security breach in the Discord of the Rare Bears NFT project allowed an attacker to post a malicious phishing link for over 9 hours before the link was finally removed. During that time, an estimated $800k worth of assets were stolen from users. Users who clicked the link and authorized a cheap mint would have had all assets from their wallets taken.

HOW COULD THIS HAVE BEEN PREVENTED?

Individual users should never trust information that is only present on a single source, and always back it up by checking a more official source or getting a second opinion from others.

 

The Rare Bears project could have prevented the situation through tighter security on their Discord. They also could have greatly reduced the impact through a faster response time.

 

Check Our Framework For Safe Secure Exchange Platforms

Bored Ape Yacht Club (BAYC) officially confirmed the project's Discord channel has been hacked - CryptoHubK (Jun 19)
Rare Bears – Rare Bears NFT collection from digital artist, Enox (Jul 14)
Rare Bears NFT Collection - OpenSea (Jul 14)
Rare Bears Nft - Official (RAREBEARS) Charts & Data | Mintalytics (Jul 14)
Rare Bears NFT Discord Hack: Almost $800,000 Worth of NFTs Stolen | Metaverse Post (Jul 14)
@BearsRare Twitter (Jul 14)
Rare Bears NFT Discord Hack: Scammer Runs Away With $800k In NFTs (Jul 14)
Rare Bears suffers phishing attack (Jul 14)
@BearsRare Twitter (Jul 14)
Rare Bears Discord Phishing Attack Nabs $800K In NFTs - CoinCu News (Jul 14)
Discord hack targeting Rare Bears NFT project nets attacker $800,000 (Jan 26)
@MSTPR0 Twitter (Jan 28)
@web3isgreat Twitter (Jan 29)
Rare Bears Discord phishing attack nabs $800K in NFTs  (Jan 29)
The Block: Hacker steals $790,000 of NFTs and crypto from owners of Rare Bears (Jan 29)
"We've Been Through The Ringer" - RareBears via Twitter (Jan 29)
@BearsRare Twitter (Jan 29)
@BearsRare Twitter (Jan 29)
@BearsRare Twitter (Jan 29)
@sueryancami Twitter (Jan 29)
@BearsRare Twitter (Jan 29)
@Punishe32385597 Twitter (Jan 29)
@BearsRare Twitter (Jan 29)
@kohlsaft Twitter (Jan 29)
@DubsyDoes Twitter (Jan 30)
@HuzzaXO Twitter (Jan 30)
@sungin21c Twitter (Jan 30)
@BearsRare Twitter (Jan 30)
@0xelies Twitter (Jan 30)
@Sir_Teamm Twitter (Jan 30)
@BearsRare Twitter (Jan 30)
@BearsRare Twitter (Jan 30)
@Thiago29404948 Twitter (Jan 30)
@Artzhy_ Twitter (Jan 30)
@patel07678843 Twitter (Jan 30)
@whyarewehere42 Twitter (Feb 1)
@sungin21c Twitter (Feb 1)
@tripedy_black Twitter (Feb 1)
@KaiaNFT Twitter (Feb 1)
@KaiaNFT Twitter (Feb 1)
@KaiaNFT Twitter (Feb 1)
@DeucePhlair Twitter (Feb 1)
@tripedy_black Twitter (Feb 1)
@tripedy_black Twitter (Feb 1)
Fake_Phishing5562 | Address 0x67542F6E4Ea651f4c72AB24ABF2Eb9C2c202fcE1 | Etherscan (Feb 1)
@AcE_NFT_Alpha Twitter (Feb 1)

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.