🚨🚨NEW SOPHISTICATED SCAM ALERT🚨🚨
Communities are being targeted by putting malicious javascript at the end of known real links to steal discord auth tokens (which results in a full account compromise, with or without 2FA enabled)!
A small 🧵
Communities are being targeted by putting malicious javascript at the end of known real links to steal discord auth tokens (which results in a full account compromise, with or without 2FA enabled)!
A small 🧵
So recently the Boring Security founder became the target of a new discord scam involving a seemingly legitimate interaction of a partnership request.
They even were willing to play the long-game. They setup a call in calendly - the whole nine yards...
They even were willing to play the long-game. They setup a call in calendly - the whole nine yards...
However, we caught word from a partner of a brewing that scam that looks like this:
1) They will direct you to click a link with extra instructions at the end which will log your discord auth token (see screenshot)....
1) They will direct you to click a link with extra instructions at the end which will log your discord auth token (see screenshot)....
2) Then they will have you try something which won't work, (in this case a test mint of their metaverse land).
3) IN CHROME (This doesn't work in Firefox) they will get you to open dev tools and paste a small identifier (our partner was sent 'oxz57hoc').
3) IN CHROME (This doesn't work in Firefox) they will get you to open dev tools and paste a small identifier (our partner was sent 'oxz57hoc').
And then your discord auth token is sent to the scammer - your discord account is fully compromised. 2FA doesn't matter.
Likely they are using tools to see what permissions you have across your discords, and will target your communities accordingly.
Likely they are using tools to see what permissions you have across your discords, and will target your communities accordingly.
This means that in theory someone could send you a link that was opensea(dot)io/listinginfo/{Attacker-Payload-Here} and you think you're going to an opensea listing, but then you realize...(GIF)
This type of attack really emphasizes that clicking links in web3 is super dangerous
This type of attack really emphasizes that clicking links in web3 is super dangerous
Your Discord auth token is too easy to steal!
Please spread the word, as I have a feeling this will be very prolific.
Note: Firefox has some protections built-in against things like this, but Chrome will not warn you about dev-tool access and how dangerous it can be...
Please spread the word, as I have a feeling this will be very prolific.
Note: Firefox has some protections built-in against things like this, but Chrome will not warn you about dev-tool access and how dangerous it can be...
Special shoutout to @Plumferno @Server_Forge and all the help from @techie_club for helping investigate this issue.
It is always better to find out about these issues before they effect our communities at large. Please spread the word!!!!
It is always better to find out about these issues before they effect our communities at large. Please spread the word!!!!
Some other great explanations of it here:
(technical deep dive)
Also, thanks for reading this - please RT the main tweet for visibility here:
(technical deep dive)
Also, thanks for reading this - please RT the main tweet for visibility here:
Loading suggestions...