Successful NFT artist Beeple has once again had to deal with phishing attempts on his community. This time, the OpenSea page of one of his collections displayed a Discord link containing a fraudulent bot
Beeple’s Discord server phished
Famous non-fungible token (NFT) artist Mike Winkelmann, known as Beeple, has again had his social networks used for phishing attempts.
Specifically, it is Discord. As one NFT collector pointed out on Twitter, the Discord link on OpenSea for the “BEEPLE: EVERYDAYS – THE 2020 COLLECTION” linked to a lounge with a fraudulent program:
@beeple Your OpenSea BEEPLE: EVERYDAYS – 2020 COLLECTION has a Discord link attached to it that links to a scam CollabLand wallet drainer.
Your Discord URL probably got hijacked and your team didn’t update it on OS. You need to change that ASAP or people going to get rekd. pic.twitter.com/GFMwWU2xd2
– maxnaut.eth (@maxnaut) October 3, 2022
The bot in question is a malicious Collab.Land. Such bots are used on Discord to, for example, verify that the user has such and such an NFT to access a server. Here, in this case, it seems that giving permission to this program could have allowed a hacker to empty the contents of the wallet that performed the signature.
Beeple later confirmed the phishing attempt, accusing Discord of “being a bin”:
it appears our discord URLs were hacked to point to a fraudulent discord. DO NOT go into that discord and do not verify, it will drain your wallet!
once again massive thanks again to discord for being garbage.
– beeple (@beeple) October 3, 2022
However, some observers note that the problem is not Discord’s fault, but rather the artist’s mismanagement of links:
No your discord URLs weren’t “hacked”. Mismanagement of discord URLs allows this happen, probably just like it happened to CryptoBatz.
– OKHotshot (@NFTherder) October 3, 2022
Whatever the reason, the artist has not communicated on possible victims of this scam attempt. OpenSea has not posted a Discord link to the collection at the time of writing
The artist is already a victim of his own success
Beeple is a very popular artist in the NFT world. Last March, one of his works sold for $69.3 million at a Christie’s auction. This notoriety is therefore used by malicious actors to try to steal funds from investors.
Last May, Beeple’s Twitter account was hacked, resulting in over $400,000 being stolen in phishing attacks.
The modus operandi was different this time, as it involved giving authorisation to a smart contract thinking it was interacting with the Collab.Land bot on the artist’s Discord server.
In order to prevent possible problems, it is recommended to copy and paste the address of the smart contract into a blockchain browser on such operations before any signature. If one notices, for example, that the contract was created recently, while the verification on the Discord server has been in place for a long time, this may be an indication of an attempted scam.
This event shows once again that for any popular project, artist or collection, it is important to be vigilant, as there are always people who will try to profit from it at the expense of the investors.