Hackers Impersonate Hacks to Steal Millions
Security researchers have discovered a new phishing campaign designed to hijack Twitter and Discord accounts with a view to stealing cryptocurrency.
Scam Sniffer used blockchain analysis to identify the Pink Drainer hacking group, which it said has now stolen over $3m from more than 2000 victims, some of whom are said to be high-profile individuals such as OpenAI CTO Mira Murati.
The social engineering techniques deployed are unusual: the scammers pretend to be journalists from outlets like Decrypto and Cointelegraph in order to gain their victims’ trust.
“This process usually lasted for 1-3 days but ultimately required KYC authentication, which embedded phishing related to Discord in the final process,” Scam Sniffer explained.
“For example, by guiding Discord administrators to open a malicious Carl verification bot and guiding them to add bookmarks containing malicious code.”
The malicious code in question is designed to steal the victim’s Discord token, giving hackers access to their account. They proceed by removing other administrators, setting themselves up as admin, and then committing “violations” that lead to the account being blocked by Discord.
At the time of writing, the Pink Drainer group had compromised 2307 victims and stolen close to $3.3m, including as much as $300,000 from a single individual.
Discord accounts are an increasingly popular target for hackers. Last year, researchers discovered malicious npm packages designed to steal Discord tokens and card data.
A separate case in May this year saw Discord itself targeted, after a threat actor gained unauthorized access to the support ticket queue of a third-party customer service agent.