A phishing technique circulated on Discord servers — attackers embed malicious links in messages.
Scammers can now hide links in any discord text ☠️
Watch out for hidden wallet drainer links
e.g. ? pic.twitter.com/mgqG18sOF9— Pocket Universe ? (@PocketUniverseZ) September 4, 2023
Analysts at Pocket Universe noted that the social platform displays a warning when following the link, but inattentiveness creates a risk of losing funds.
According to some users, the link-integration feature has appeared on Discord recently, although other social networks already support this capability.
According to Forta Network researcher Kristian Zaifert, this fraud method has long been “feeding criminals”.
“Whatever the platform creates, there will always be a hacker ready to find a way to break it. Text hyperlinks are a feature supported as part of HTML, and they have been a source of phishing attacks since the early days of the Internet,” the expert added.
He also noted that Discord provides the destination URL after a user clicks on it. However, the platform allows users to “trust” the domain in the future, which criminals may exploit.
CertiK’s chief security officer, Hugh Brooks, urged users to verify the authenticity of a site’s address before granting it access to crypto wallets. The analyst recommended using services to check websites for malware, such as PhishTank, Google Safe Browsing and OpenPhish.
For greater security, Brooks advised Discord developers to implement the ability to receive messages only from trusted contacts.
On September 7, a major market maker was subjected to a phishing attack, resulting in the lost $24 million in digital assets.
Earlier, reporters warned that attackers began using URLs of government sites in several countries to mislead users of the non-custodial crypto wallet MetaMask and steal their assets.