Mike “Beeple” Winkelmann, an artist who works with nonfungible tokens (NFTs), was once again the target of phishing scammers. He told people that the link to his official Discord server had been “hacked” and that new members were being sent to a channel that took money from their accounts.
In a post on October 3, the NFT artist warned users not to go into the “fraudulent” Discord channel and verify because it will “drain your wallet.”
It looks like someone changed our Discord URLs so that they point to a fake Discord. Do not go into that dispute without verifying; it will drain your wallet!
Again, a lot of thanks to Discord for being terrible.
— Beeple (@beeple) Oct. 3, 2022
But Beeple wasn’t the first to notice the URL trick. Several hours earlier, a Twitter user named maxnaut.eth wrote that the Discord link for the Beeple: Everyday—2020 Collection on the NFT marketplace OpenSea marketplace may have been “hijacked.”
The screenshot was posted by Maxnaut. It seems to show that the URL leads to a “CollabLand wallet drainer.” It shows a Collab. Land bot on Discord that tells members to verify account ownership but really works to drain their wallets, noting:
“Your Discord URL was probably taken over by someone else, and your team didn’t change it on OS. People are going to get killed if you don’t change that right away.”
Beeple says that the URLs were hacked and that Discord is to blame, but other people in the crypto Twitter community say that the real problem is weak security.
OKHotshot, an NFT analyst and blockchain detective, responded to the artist’s announcement by saying that the URLs were not hacked. Instead, he said, “Mismanagement of Discord URLs allows this to happen, probably just like it happened to CryptoBatz.”
while Black Alchemy Solutions Group, a cybersecurity firm, said that they didn’t think it was “a Discord problem.”
“This is a problem with how the Beeple Information Security System is being run. If you haven’t already, hire a vCISO (security officer) because Web3 isn’t “natively secure.”
According to Maxnaut.eth, the artist seems to have fixed the Discord URLs that sent people in the wrong direction. “It looks like Beep Man took care of it and fixed it now.”
At the time this was written, the Discord link in the OpenSea listing that was affected also seemed to be gone.
Beeple’s social media and messaging platforms seem to be a favourite target for scammers and hackers. The First 5,000 Days, a collection of 5,000 pieces of art that sold for $69.3 million, was one of the most expensive NFTs ever sold.
Beeple’s website lists as clients Elon Musk’s spacecraft company Space X, tech giant Apple, luxury brand Louis Vuitton, and other well-known companies and people.
In May, a phishing scam made $438,000 in crypto and NFTs by taking over his Twitter account and linking to a fake Louis Vuitton NFT collaboration raffle.
In November 2021, his Discord was used in a different scam. An admin account was hacked, and a fake NFT drop was advertised. The scammers made an estimated 38 Ether (ETH), which was worth about $176,378.14 at the time.
Beeple did not say how many users may have been affected by the current malicious Discord links.
Asian Trade has tried to get in touch with Beeple, but as of the time of publication, they have not responded right away.
