- Avalanche and ZKsync Discord servers have been compromised inside 48 hours of Polygon.
- Attackers shared pretend hyperlinks promising free tokens, exploiting each communities.
- Avalanche resolved their subject inside an hour, whereas ZKsync’s breach stays unaddressed.
Over the weekend, the blockchain neighborhood was rocked by a collection of Discord server compromises that started with Polygon and rapidly unfold to Avalanche and ZKsync.
The incidents, which concerned the distribution of malicious hyperlinks promising pretend token distributions, spotlight a rising development of safety breaches focusing on cryptocurrency initiatives. These assaults not solely undermine belief but additionally pose vital dangers to customers’ belongings.
Phishing hyperlinks shared after Avalanche Discord compromise
On August 25, Avalanche’s official Discord server was compromised, with attackers posting fraudulent hyperlinks claiming to supply free AVAX tokens.
The official Avalanche account promptly alerted customers to keep away from interacting with or clicking on any hyperlinks shared within the compromised server. Screenshots from members of the Avalanche neighborhood revealed the character of the rip-off, which promised sham “distribution” schemes for AVAX tokens.
Avax discord trying sus…disabled chat in all channels and an announcement about “claiming Avax from the foundation”
My recommendation?
…don’t click on something in that discord for some time… pic.twitter.com/x9MLy4vPeX
— Stog Chog🔺 (@stogchog) August 25, 2024
Avalanche’s neighborhood lead, Ben Nicely, reported that the problem was recognized and resolved inside an hour, with efforts underway to revive regular server operations.
UPDATE: The official Avalanche Discord has been resecured and can reopen when CMs deem acceptable. https://t.co/bMwSI87TAs
— Avalanche 🔺 (@avax) August 25, 2024
Regardless of the swift response, the incident raised considerations in regards to the vulnerability of main blockchain initiatives to related exploits.
ZKsync Discord hit by simultaneous assault
The safety breach at Avalanche was shortly adopted by one other incident, this time affecting ZKsync. Simply an hour after Avalanche’s compromise, ZKsync’s Discord server was additionally breached.
Attackers used the identical tactic of disseminating pretend hyperlinks, this time promising customers free ZK tokens by a bogus “round 2 airdrop” scheme.
Though ZKsync has not but formally addressed the exploit on social media, a number of workforce members have acknowledged the problem on their Discord channels.
Crypto Discord server assaults on the rise
The current assault on Polygon, Avalanche and ZKsyncs’ Discord is a part of a troubling development of high-profile breaches within the crypto neighborhood.
On March 25, 2023, CertiK uncovered a phishing rip-off on Arbitrum’s Discord, which exploited a compromised developer account to unfold a malicious hyperlink.
Equally, on Could 5, the Gnus.AI community suffered a Discord-related exploit, leading to a $1.27 million loss.
This sequence of breaches underscores a troubling sample of coordinated assaults focusing on outstanding blockchain platforms. The assaults, which contain phishing schemes and fraudulent token distributions, not solely threaten particular person customers but additionally compromise the integrity of the affected initiatives.