GameSpot may receive revenue from affiliate and advertising partnerships for sharing this content and from purchases through links.

NFT Gaming Project Hack Sees $150K Of Crypto Stolen

The hacker used a Discord bot to scam users out of around $150,000 worth of Solana cryptocurrency.

By on

5 Comments

Buyers hoping to get in on the ground floor with Fractal, a gaming-based NFT project by Twitch co-founder Justin Kan, have instead found themselves scammed out of their Solana (SOL) by a hacker. The hack took advantage of hype around the project, using a vulnerability with a Discord bot to send a link that would drain buyers' wallets of SOL.

As reported by The Verge, the hack took place through Fractal's official Discord server. Taking advantage of the fact that the Fractal team had been building up hype for its first airdrop--an initial release of NFTs for early adopters--the hacker posted a message in the Discord's announcement channel with a link to a supposed NFT drop.

According to an analysis by Tim Cotten, most users in the Discord realized straight away that the message was a fake, but those who were keen to get in on the NFT drop went ahead and clicked on the site's "mint" button, which asked for 1 SOL to mint each NFT. Users who linked their Solana wallets then found their entire accounts drained.

The Fractal team shut down the announcements channel entirely after only five to 10 minutes, Cotten reports, but 373 users still fell victim to the hack, collectively losing over 862 SOL for a value of around $150,000.

Fractal has posted an official response to the hack, saying that it will fully compensate anyone who fell victim to the scam--while also boasting that only 0.3% of its community fell for the fake message. The hack has now been linked to exploits involving Discord webhooks, and Fractal has said it's now in touch with Discord Trust and Safety to do a full audit of its Discord security.

The Fractal team also used this as a reminder for its followers to be careful with all things involving crypto. "If something doesn’t feel right in crypto, please don’t proceed, even if at first it looks legitimate," the blog post reads. "We must use our best judgment as there’s no 'undo button' in crypto."

While Fractal has reminded its fans that its initial airdrop will be free for early adopters, and verified by founder Justin Kan on Twitter, it's also warned that "the next exploit might be much larger," and that Fractal may not be able to compensate for future losses.

Got a news tip or want to contact us directly? Email news@gamespot.com

PC
Join the conversation
There are 5 comments about this story
Load Comments (5)