JSHy
Jun 26 • 17 tweets • 4 min read
So, the @UglybrosNFT Discord server was breached this morning at about 2 AM EDT.

Here's a post-mortem on what happened 🧵
Important Note:

The Discord has been secured. Serge and his team were amazing and did all the right things to recover their Discord. I helped out a little where they needed it, but they did it mostly on their own. 👏 to them for handling it with such professionalism.
Q: How does this happen?

A: Serge's Discord account was breached through a bookmark phishing attack. These attacks steal your Discord token (essentially your Discord "seed phrase") and use it to log in without needing your 2FA.
Q: What is a bookmark phishing attack?

A: The attack tricks users into dragging something into their browser's bookmarks bar. Clicking that bookmark executes JavaScript code that reads your Discord token out of your browser's cache and sends it to the attacker, giving them full access to your account.
Q: Can you reset your token?

A: Yes! If you change your Discord password, your token will be regenerated, kicking any hackers out. You should regularly change your passwords to be safe.
Q: What happened in the Discord?

A: The hacker went through a couple of different steps. First, they banned all the mods so nobody could step in to stop the breach and the scams. Then they changed permissions for all users and bots. Finally, they invited their own account and set up webhooks.
This is the hacker's account. They have been flagged in SecurityBot already, but I am sharing here for more knowledge.

Their user ID is: 732142195749945385
After gaining access, the account began posting in the announcements channel about a fake mint happening on $ETH. This link was a scam. If you authorized your ETH wallet with the contract associated with it, it would drain your wallet.
Remove authorization for the contract ASAP.
Q: What is a webhook?

A: A webhook is an API endpoint that allows one-way data sharing. In Discord, anyone who has the webhook URL can post messages into the associated channel, even if their own account has no permissions there, so the URL itself should be treated as a secret. All webhooks have been removed.
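The takeover sequence described above (mass bans, permission changes, then a bot invite and webhooks, all from one account within minutes) is something a server can watch for. This is an added example, not code from the thread: detection logic run over constructed Discord audit-log entries. The action-type numbers are from Discord's audit log event enum; the 15-minute window and 3-ban threshold are assumed tuning values, and "111" is a placeholder moderator ID.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Action types from Discord's audit log event enum.
MEMBER_BAN_ADD = 22
BOT_ADD = 28
ROLE_UPDATE = 31
WEBHOOK_CREATE = 50
CHANNEL_OVERWRITE_UPDATE = 14
PERMISSION_CHANGES = {ROLE_UPDATE, CHANNEL_OVERWRITE_UPDATE}
PERSISTENCE = {WEBHOOK_CREATE, BOT_ADD}  # ways to keep posting after losing the account

def _entry(user_id, action_type, created_at):
    return {"user_id": user_id, "action_type": action_type,
            "created_at": datetime.fromisoformat(created_at)}

# Constructed sample log (not a real capture). The first user ID is the one shared
# in the thread; "111" is a placeholder for a legitimate moderator doing routine work.
SAMPLE_ENTRIES = [
    _entry("111", MEMBER_BAN_ADD, "2022-06-26T05:00:00"),
    _entry("111", ROLE_UPDATE, "2022-06-26T05:30:00"),
    _entry("732142195749945385", MEMBER_BAN_ADD, "2022-06-26T06:01:10"),
    _entry("732142195749945385", MEMBER_BAN_ADD, "2022-06-26T06:01:30"),
    _entry("732142195749945385", MEMBER_BAN_ADD, "2022-06-26T06:02:05"),
    _entry("732142195749945385", ROLE_UPDATE, "2022-06-26T06:03:00"),
    _entry("732142195749945385", CHANNEL_OVERWRITE_UPDATE, "2022-06-26T06:04:00"),
    _entry("732142195749945385", BOT_ADD, "2022-06-26T06:05:00"),
    _entry("732142195749945385", WEBHOOK_CREATE, "2022-06-26T06:06:00"),
]

def detect_takeover(entries, window_minutes=15, min_bans=3):
    """Return {actor_id: counts} for each actor who, inside one sliding window, banned
    >= min_bans members, changed permissions, and created a webhook or added a bot."""
    by_actor = defaultdict(list)
    for e in entries:
        by_actor[e["user_id"]].append(e)
    flagged = {}
    for actor, acts in by_actor.items():
        acts.sort(key=lambda a: a["created_at"])
        for i, first in enumerate(acts):  # slide the window over this actor's actions
            limit = first["created_at"] + timedelta(minutes=window_minutes)
            window = [a for a in acts[i:] if a["created_at"] <= limit]
            bans = sum(a["action_type"] == MEMBER_BAN_ADD for a in window)
            perms = sum(a["action_type"] in PERMISSION_CHANGES for a in window)
            persist = sum(a["action_type"] in PERSISTENCE for a in window)
            if bans >= min_bans and perms and persist:
                flagged[actor] = {"bans": bans, "perm_changes": perms, "persistence": persist}
                break  # one hit per actor is enough
    return flagged
```

Feeding this the output of the guild audit-log endpoint and alerting on a non-empty result gives mods a chance to react while the hijacked account is still mid-sequence.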
SO IS THIS PREVENTABLE?

Yes. Phishing attacks are among the hardest to stop (they seem innocent and they usually target overworked mods or staff members), but they can be prevented or mitigated. Below I will share a few steps that you can take RIGHT NOW to protect your community.
USE COLD ADMIN ACCOUNTS

A cold admin account is a Discord account kept on an old phone or laptop that holds the admin rights in your Discord. It is used only to grant temporary permissions or make server changes. No "hot" (daily-use) account should have admin permissions.
BE EXTREMELY CAREFUL CLICKING LINKS

Obviously, be careful clicking links. You can't get Nitro for free. NEVER drag anything to your bookmarks, and always triple-check when entering account info.
SECURITYBOT

@SecurityBotNFT can't stop phishing attacks, but it can help mitigate the damage! You can use the channel lock feature to lock your important channels with a secondary password, meaning that even if someone gained access to your account, they can't post announcements.
ANTI-PHISHING CHROME EXTENSION

I have also created a #ProjectCatalyst proposal to try and fight against phishing attacks! I want to build a decentralized anti-phishing Chrome extension to protect you while you browse web3.

Please check it out here: cardano.ideascale.com/c/idea/419660
Congrats! You've made it pretty far in my wall of text.

I wanted to bury this because I'm worried about enabling more malicious actors, but the hacker used a publicly available tool on Discord to do most of the malicious work. I am reading the code to see if I can do anything.
If any devs out there would like to take a look at the tool to help fight against it, please let me know and I will share it with you.
I don't want to release it publicly here, because I don't want to give the tools to any would-be malicious actors.
🎉 You've reached the end of the thread!

I will definitely be releasing more threads on how to secure yourself and your community in this crazy web3 world. Please let me know if you have any questions about anything in this thread. I am here to help.

Stay safe friends 💜
