TechFlow reports that regarding the recent attacks on multiple NFT project Discord accounts, the Discord bot Ticket Tool tweeted that a recent update to the "add" command contained a vulnerability allowing a certain type of privilege escalation attack. The update has now been rolled back to a previous secure version unaffected by the attack, and a thorough investigation into how this occurred is underway. Additionally, the bot itself has not been compromised.
Previously, Serpent, founder of Discord and cryptocurrency threat mitigation system Sentinel, tweeted that he received insider information from a hacker indicating that the official verification captcha bot Captcha.Bot had been breached and urged users to remove it from their servers immediately. The BAYC and Doodles Discord accounts have already been attacked, with more servers expected to be targeted. Serpent later updated his post, stating that the owner of Captcha Bot was hacked and source code was stolen, and the hackers are attempting to extort him. Although the bot currently appears uncompromised, removal is still recommended. The true source of the hack has been confirmed to be 100% linked to Ticket Tool.
Navigating Web3 tides with focused insights
Contribute An Article
Media Requests
Risk Disclosure: This website's content is not investment advice and offers no trading guidance or related services. Per regulations from the PBOC and other authorities, users must be aware of virtual currency risks. Contact us / [email protected] ICP License: 琼ICP备2022009338号




