Nonfungible token (NFT) artist Mike “Beeple” Winkelmann has found himself the target of phishing scammers yet again, warning users that the URL link to his official Discord server was “hacked” — sending unaware new members to a wallet-draining Discord channel if they follow the link.
In an Oct. 3 post, the NFT artist warned users not to go into the “fraudulent” Discord channel and verify as it will “drain your wallet.”
it appears our discord URLs were hacked to point to a fraudulent discord. DO NOT go into that discord and do not verify, it will drain your wallet!!
once again massive thanks again to discord for being garbage.
— beeple (@beeple) October 3, 2022
However, Beeple wasn’t the first to notice the URL sleight-of-hand, with Twitter user maxnaut.eth noting in a post hours earlier that the Discord link connected to the Beeple: Everydays — 2020 Collection on NFT marketplace OpenSea may have been “hijacked.”
The screenshot shared by maxnaut.eth suggests that the URL points to a “CollabLand wallet drainer,” showing a Collab.Land Bot on Discord which directs members to verify account ownership — instead it works to drain their wallets, noting:
“Your Discord URL probably got hijacked and your team didn’t update it on OS. You need to change that ASAP or people going to get rekd.”
While Beeple claims the URLs were hacked and that Discord is to blame, other Crypto Twitter community members are arguing that lax security measures are truly to blame.
NFT analyst and blockchain detective OKHotshot replied to the artist’s announcement, stating the URLs were not hacked but instead alleging, “Mismanagement of discord URLs allows this happen, probably just like it happened to CryptoBatz.”
While cybersecurity firm Black Alchemy Solutions Group commented their belief that it was not “a Discord problem.”
“This is a problem with a mismanagement of the Beeple Information Security apparatus. If you haven’t already, hire a vCISO (Security Officer), web3 doesn’t = Natively Secure.”
It appears that the misdirecting Discord URLs have been fixed by the artist, according to maxnaut.eth, noting that it “Seems Beep Man picked it up and has fixed it now.”
At the time of writing, the Discord link in the affected OpenSea listing also appears to be gone.
Related: 8 sneaky crypto scams on Twitter right now
Beeple’s social media and messaging platforms appear to be a popular target for scammers and hackers, having sold some of the most expensive NFTs on record, including the First 5,000 Days, a compilation of 5000 pieces of artwork that sold for $69.3 million.
Elon Musk’s spacecraft manufacturer Space X, tech giant Apple, luxury brand Louis Vuitton and other high-profile companies and individuals are all listed as clients on Beeple’s website.
In May, a phishing scam netted $438,000 in crypto and NFTs through a hijacking of his Twitter account, linking to a raffle purporting to be related to a Louis Vuitton NFT collaboration.
In Nov. 2021, his Discord was part of another scam, where an admin account was compromised and a fake NFT drop was advertised, netting the scammers an estimated 38 Ether (ETH), worth roughly $176,378.14 at the time.
Beeple did not disclose how many users may have been impacted by the current malicious Discord links.
Cointelegraph has reached out to Beeple but has not received an immediate response at the time of publication.
Source: https://cointelegraph.com/news/beeple-s-discord-url-hijacked-directing-users-to-wallet-drainer