Buyers hoping to get in on the ground floor with Fractal, a gaming-based NFT project by Twitch co-founder Justin Kan, have instead found themselves scammed out of their Solana (SOL) by a hacker. The hack took advantage of hype around the project, using a vulnerability with a Discord bot to send a link that would drain buyers’ wallets of SOL.
As reported by The Verge, the hack took place through Fractal’s official Discord server. Taking advantage of the fact that the Fractal team had been building up hype for its first airdrop (an initial release of NFTs for early adopters), the hacker posted a message in the Discord’s announcement channel containing a link to a supposed NFT drop.
According to an analysis by Tim Cotten, most users in the Discord realised straight away that the message was a fake, but those who were keen to get in on the NFT drop went ahead and clicked on the site’s “mint” button, which asked for 1 SOL to mint each NFT. Users who linked their Solana wallets then found their entire accounts drained.
The Fractal team shut down the announcements channel entirely after only 5 to 10 minutes, Cotten reports, but 373 users still fell victim to the hack, collectively losing over 862 SOL, worth around $150,000.
Fractal has posted an official response to the hack, saying that it will fully compensate anyone who fell victim to the scam, while also boasting that only 0.3% of its community fell for the fake message. The hack has now been linked to exploits involving Discord webhooks, and Fractal has said it’s now in touch with Discord Trust and Safety to do a full audit of its Discord security.
The Fractal team also used this as a reminder for its followers to be careful with all things involving crypto. “If something doesn’t feel right in crypto, please don’t proceed, even if at first it looks legitimate,” the blog post reads. “We must use our best judgement as there’s no ‘undo button’ in crypto.”
While Fractal has reminded its fans that its initial airdrop will be free for early adopters, and verified by founder Justin Kan on Twitter, it’s also warned that “the next exploit might be much larger,” and that Fractal may not be able to compensate for future losses.