The Block comes knocking in Discord scam

“Hello there, I am Rummer. from theblock.co where I work as a Article Writer. Our team is intrigued by your NFT project and we would like to request permission to write an article about your project.”

That’s the Discord message that greeted Elton Penguin, a pseudonymous project lead for the Noundles NFT collection, on Sunday, purporting to come from, well, me.

Unfortunately for Elton, however, that beautifully crafted missive hadn’t been penned by me at all. Someone had set up a fake Discord server for The Block and fake profiles for several of our staff, including Frank Chaparro, Lucy Harley-McKeown and Editor-in-Chief Sarah Kopit.

Fake accounts

Elton wasn’t alone. Dozens of people had been contacted by fake accounts purporting to be employees of The Block.

Exactly what these imposters were after wasn’t immediately clear, though the consensus from those targeted was that the efforts at chumminess would result in an eventual phishing attempt.

“My take is they want to get me to feel good and tell them about the project. And then social engineer me for a bit to feel like it’s safe to click links. Then hack my stuff,” said Jake Baker, another victim, who runs the Twitter account behind the Shaq Gives Back NFT collection.

For the record: The Block has no official presence on Discord.

Discord didn’t immediately respond to a request for comment on the apparent scam.

‘Malicious site’

“The attackers are likely attempting to compromise existing Discord accounts,” said Sacha Tememe, a security engineer at The Block. “The verification link to join their server leads to a malicious site which may try and steal a user’s authorization token, essentially granting the attackers full access to the user’s account.”

Discord is a messaging and chat tool founded in 2015, where users can build communities — called servers — around a specific activity. After first finding an audience among video gamers, the app has more recently become one of crypto’s social networks of choice. It’s rare to find a DAO or NFT project that doesn’t have an affiliated Discord server.

There is an irony here, of course. In targeting projects like Noundles and Shaq Gives Back with the promise of coverage in The Block, the hackers have inadvertently given them coverage in The Block. In this article.

More irony

The second irony is that in attempting to report out this story, I found myself sending Twitter DMs that — on reflection — sounded distinctly scammy.

“How should I refer to you? Do you go by Elton Penguin or do you prefer to be called by your real name in the article?” I found myself typing, just an imagined step or two away from asking for his private keys.

Elton had some advice for me on that front.

“Just work on making your grammar worse, then you’ll have it nailed.”

Source: https://www.theblock.co/post/214155/the-block-discord-scam?utm_source=rss&utm_medium=rss