Axie Infinity targeted in another hack, this time via discord bot

Axie Infinity has announced on its Twitter page that there was a compromise of the MEE6 bot on its Discord server. The MEE6 team has denied that there was an attack on its bot.

The MEE6 bot is quite popular on Discord, with many servers using it for automating messages and other functions. 

Track live crypto price of 10000+ coins!

Axie Infinity said on May 18 that the attackers compromised the bot and used it to add permissions for a fake Jiho account which they subsequently used to post a phony mint announcement.

Fortunately, the developers discovered it quickly. They removed the compromised bot and deleted the messages. According to the gaming platform, it’ll never do a surprise mint and usually announce all such events on Twitter, Facebook, Discord, and Substack.

However, it also said that some users might still be able to see the deleted messages until they restart their Discord. At least one user claims to have lost an NFT and Domain due to the hack.

Axie says others suffered same exploit

Axie Infinity stated that the compromise isn’t particular to its server and that many servers with MEE6 Bot have faced similar issues before. Cool Cats, RTFKT, PXN, PROOF/Moonbirds, and Memeland, have all reported a compromise of their admin accounts due to the bot.

According to those familiar with Discord security, the hackers likely attacked admin accounts first. Then they created a reaction role feature from the MEE6 bot, which the admin role to another account.

Related:  Houston Texans, the first NFL team to accept Bitcoin

By doing this, they could send webbook messages without revealing the compromised administrator account.

MEE6 denies any hack 

MEE6 has denied the claim of a compromise on its Discord server. It said there was no compromise of any NFT community due to its bot.

“We have not been contacted by any real community owners at the time of this message, nor via Discord or any other Support Communication Channels. We have checked the situations with our engineers, and no data of unusual activities have been spotted,” the statement reads.

Axie Infinity’s native token AXS has struggled since the exploit, even after raising new funds to refund the users.

Users’ confidence has dropped and continues to go down due to delays and increasing security concerns. AXS is currently trading at $21.6 from an ATH of $164.9 in November 2021.

Download MAXBIT Android App, Your best source of all crypto news!

Google Play

Source link

Share this article: