Anyone venturing into the fearsome jungle of NFTs and play-to-earn NFT games has to be aware that there are real dangers out there. Scammers and hackers are continual threats.
The community platform of choice is Discord. All projects have a presence on the usual social media apps, and they love any attention these can bring, either through their own efforts or the efforts of ‘influencers’ shilling for them (usually for a fee). But the communities live on Discord servers. The servers have all the up-to-date information about the given project, useful links and chat channels. All of this is very convenient, and honestly way too addicting, but it has also proven to be a major point of security failure.
It seems like every week I hear of (or witness) a Discord server hack. This is troubling for all the usual reasons, but with the added danger of potentially compromising wallets.
To understand this you need to understand how web3 works. Web3 lives on a blockchain, but the vulnerability is in how individuals interact with the blockchain. A blockchain stores records of asset ownership tied to addresses. The unique addresses correspond to ‘wallets’ for holding these assets. This is how the world (and your wallet) knows you own digital assets like cryptocurrencies or NFTs. If your wallet is compromised, all of the assets tied to that wallet are also compromised. Whenever someone interacts with a decentralized app (dapp), they generally grant some permissions through their wallet. If these permissions are co-opted by nefarious individuals, or if the once-safe links are now under the control of these individuals and re-route to their sites, bad things can happen.
Just yesterday I witnessed in real time the hack of the Discord server for a very popular play-to-earn NFT project called Polyfarm. People were directed to a new dapp site to mint new NFTs. At first, people in the know tried to warn others, but they were quickly banned and their posts deleted. In very short order all chat was closed, and announcements for the mint were going out to every member of the server. Unfortunately, several people fell victim to this scam, but it appears that the damage has been minimal. Anyone who participated in the fake mint was wise to disconnect their wallet from all sites and revoke all permissions. But this danger, and many more, exist out there for anyone venturing into the web3 space, and they are one more glaring example that there is much work to be done before there can be any reasonable expectation of widespread adoption.