UNKNOWN

APRIL 2022

GLOBAL

SHAMANZS

DESCRIPTION OF EVENTS

"Barcelona based award-winning design studio Brosmind, is led by brothers Juan and Alejandro." "Shamanzs is an original collection of 9898 programmatically and randomly generated NFTs on the Ethereum blockchain. Hundreds of traits have been drawn by hand, to create a vast array of high quality and unique loving characters." "Mint Date: May 19[, 2022]"

 

"The wisest Monkzs, Sadhuzs, Godzs and Guruzs on spiritual land, no matter which ancient religion they belong to, are secretly joining forces to create a powerful unified legion. Their goal is to spread love and good vibezs to erase bad energies from mother Earth for once. A new army of Shamanzs is secretly emerging, and the largest community of followerzs ever seen, is about to enlighten the whole metaverse with limitless positive energy." "Leaders from different tribes, beliefs, religions, backgrounds and natures are fusing in an evolved and upgraded version; self-proclaimed as SHAMANZS."

 

"Also in the afternoon of March 1st. A number of other famous NFT projects were also hacked by Discord in a similar way, including Doodles, Shamanzs and Nyoki."

 

"Hackers are mainly posing a fake phishing scam using the Discord Bot to disguise the fake links as legitimate new offerings. Vice confirmed that the link links users to two crypto wallets, such as Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan, and that both wallets have experienced extensive activity over the past few days as the hackers try to launder their stolen cryptocurrency."

 

"The first account obtained one NFT, sold it, and sent almost 20 ETH to the second wallet. The second one then sent more than 60 ETH to a mixing service, to “launder” the tokens. After that, the second wallet sent .6 ETH to two addresses - one inactive, and one with more than 1,400 ETH, and more than 6 million Tether coins."

 

"Bored Ape Yacht Club, Nyoki and Shamanz have all tweeted warnings to users that their Twitter bots have been hacked and are advertising new, completely fake NFTs. If users take users to legitimate NFT sites, the link directs users’ crypto to a pair of crypto wallets that have been illegally laundering their ill-gotten gains."

 

"We acted fast and in less than 5 minutes we could find the hack. Thanks for everyone helping. The ticket bot has been compromised, remove it from your server if you haven’t yet. We made our DC private."

 

While Ticket Tool has not released an official announcement, they did offer this explanation: "A recent update I made to the add command had a bug allowing for some type of permission exploit. I've reverted the update to the previous uncompromised version and will be looking into exactly how this happened. The bot itself is not compromised beyond a very unfortunate bug."

The Shamanzs NFT Discord included the third-party Ticket Tool plug-in, which was either malicious or exploited by a third party to post malicious links in the Discord channel. The malicious link took users to a fake minting page, where they could generously donate their money to the hacker if they didn't have an interest in verifying the smart contract address. Multiple users were scammed, and it doesn't seem like the project did anything to assist victims. Proceeds were mixed with Tornado Cash.

HOW COULD THIS HAVE BEEN PREVENTED?

Users should be extremely cautious with any links posted on Discord, given the repeated hacks of the platform. Always check any communication against multiple official sources of a project.

 

Platforms should be extremely cautious regarding the permissions which are granted via Discord, and limit the access levels to critical functionality. Discord should improve their security and offer multi-signature permissions for key functions. Ideally, public groups should be managed from an exclusive account which isn't used for anything else.
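As an added example (not from the original page, Discord or Ticket Tool), the audit below computes what a third-party bot's roles allow in a locked announcements channel, following Discord's documented role and channel-overwrite evaluation order. The guild, role and overwrite data are constructed, and member-specific overwrites are left out.

```python
# Discord permission bits (values from Discord's documented permission flags).
VIEW_CHANNEL, SEND_MESSAGES = 1 << 10, 1 << 11
ADMINISTRATOR, MENTION_EVERYONE = 1 << 3, 1 << 17
MANAGE_ROLES, MANAGE_WEBHOOKS = 1 << 28, 1 << 29
RISKY = {"ADMINISTRATOR": ADMINISTRATOR, "MENTION_EVERYONE": MENTION_EVERYONE,
         "MANAGE_ROLES": MANAGE_ROLES, "MANAGE_WEBHOOKS": MANAGE_WEBHOOKS}

def channel_permissions(guild_id, roles, member_role_ids, overwrites):
    """Effective permissions of a member (here a bot) in one channel."""
    by_id = {r["id"]: int(r["permissions"]) for r in roles}
    base = by_id[guild_id]                  # the @everyone role id equals the guild id
    for rid in member_role_ids:
        base |= by_id[rid]
    if base & ADMINISTRATOR:                # Administrator ignores every overwrite
        return base, True
    ow = {o["id"]: (int(o["allow"]), int(o["deny"])) for o in overwrites}
    allow, deny = ow.get(guild_id, (0, 0))
    base = (base & ~deny) | allow           # @everyone overwrite is applied first
    allow = deny = 0
    for rid in member_role_ids:             # then all role overwrites, combined
        a, d = ow.get(rid, (0, 0))
        allow |= a
        deny |= d
    return (base & ~deny) | allow, False

def audit_bot(guild_id, roles, bot_role_ids, overwrites):
    """Report whether the bot can post in the channel and which risky bits it holds."""
    perms, bypass = channel_permissions(guild_id, roles, bot_role_ids, overwrites)
    return {"can_post": bypass or bool(perms & SEND_MESSAGES),
            "bypasses_overwrites": bypass,
            "risky": sorted(n for n, bit in RISKY.items() if bypass or perms & bit)}

# Constructed sample data shaped like Discord role and overwrite objects.
GUILD = "100"
ROLES = [
    {"id": "100", "name": "@everyone", "permissions": str(VIEW_CHANNEL | SEND_MESSAGES)},
    {"id": "200", "name": "ticket-bot (admin)", "permissions": str(ADMINISTRATOR)},
    {"id": "201", "name": "ticket-bot (scoped)", "permissions": str(VIEW_CHANNEL | SEND_MESSAGES)},
]
# Announcements channel: @everyone is denied SEND_MESSAGES.
ANNOUNCE_OVERWRITES = [{"id": "100", "type": 0, "allow": "0", "deny": str(SEND_MESSAGES)}]

if __name__ == "__main__":
    for role_id in ("200", "201"):
        print(role_id, audit_bot(GUILD, ROLES, [role_id], ANNOUNCE_OVERWRITES))
```

The admin-role bot can still post in the locked channel because Administrator bypasses channel overwrites, while the scoped role is stopped by the same deny.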

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.