Fractal, a Solana-based gaming NFT marketplace, is the latest victim of unethical knuckle draggers. Users were freed of around $150,000 worth of $SOL tokens in the latest initiative by Twitch co-founder Justin Kan. The dastardly evildoers, according to sources, used a webhook to obtain access to the official Discord announcements feed. Then, just after Fractal's Twitter feed hinted at an upcoming airdrop, he posted a link to what he described as an NFT minting event.
The scammer hacked the startup's Discord announcement bot, which sent out a bogus link to the platform's over 100,000 users, pushing them to pay for a new NFT. The letter promised customers access to 3,333 commemorative NFTs to commemorate the platform's success, but the link was forged with a fractal.is URL that substituted an I for "l," which redirected them to a minting site where they lost their money. Users who joined in a hurry also saw their $SOL-based funds drained from their wallets.
Related: A Hong Kong NFT project, the Monkey Kingdom, loses $1.3 million in a phishing attack
Fractal announced the details of the hack on their official Twitter account, and they've promised to pay back the monies out of their own pockets. On the other hand, the scam underscores a continuing issue in the NFT arena, where fraudsters are fast to exploit any flaws in the communication chain, and projects that are eager to get in on the ground floor are far from safe.
Unfortunately, this is neither the first nor the last hack of its kind. Whether it's an online or offline scam, the first step in security is to do your homework. Before making the final decision, make sure you've exhausted all other options. Crypto transactions are irreversible by design.
Related: NFT Forgeries Are not Going Away Anytime Soon
These hacks aren't particularly unique; a Solana-based project called the Monkey Kingdom had been hacked just hours before for more than $1.3 million in cryptocurrencies. Both attacks on Discord indicate that the chat platform still has some work to do in the area of user authentication and security.