- Beeple, a popular NFT artist, tweeted Monday that links pointing to his Discord server have been compromised.
- He claimed that the links pointed to a malicious copycat server, which could steal users’ assets if they connect a wallet for verification.
High-profile NFT artist Mike “Beeple” Winkelmann said today that links that point to his Discord server have been hacked and altered, instead redirecting fans and followers towards a fake copycat server that could swipe the NFTs and tokens from users that interact with it.
“It appears our Discord URLs were hacked to point to a fraudulent Discord,” he tweeted. “DO NOT go into that Discord and do not verify, it will drain your wallet!!”
Beeple is a well-known digital artist whose March 2021 sale of Ethereum NFT “Everydays: The First 5,000 Days” set the record for top all-time single NFT sale at $69.3 million. His other work includes last year’s “HUMAN ONE,” a hybrid digital/physical piece, which sold for $28.9 million at auction.
it appears our discord URLs were hacked to point to a fraudulent discord. DO NOT go into that discord and do not verify, it will drain your wallet!!
once again massive thanks again to discord for being garbage. 👍
— beeple (@beeple) October 3, 2022
Beeple’s server is designed for collectors of his NFT work, and based on his tweeted comment, it appears that it requires verification of ownership by connecting an Ethereum wallet holding one of the eligible NFTs. Should a user connect that wallet to this malicious copycat server, the perpetrators could potentially steal any NFTs or tokens held within the wallet.
Such scams have accelerated in number in recent months as attackers use hijacked accounts to spread malicious “wallet draining” links. Many notable projects and artists have faced such hacks on Twitter—including Beeple himself in May—but these scams have also been perpetrated on Discord and Instagram as well.
When a user connects to the smart contract—that is, the computer code behind NFT projects and decentralized apps—and allows broad access permissions to what they believe is a trusted application, they may inadvertently let attackers steal assets from their wallet.
Beeple did not note any specific examples of users claiming to have been impacted by the malicious Discord links. Decrypt reached out to representatives for Beeple but did not immediately hear back. In an emailed statement, a Discord spokesperson told Decrypt: "Discord takes the safety of all users and communities very seriously. We are always working to combat fraudulent behavior on our service, and continue to invest in education and tools to help protect our users."
While many Web3 projects and creators use Discord as a way to build community and interact with supporters, the gaming-centric chat service has also become a punching bag from outspoken creators and collectors that have been impacted by such scams.
“Once again, massive thanks again to Discord for being garbage,” Beeple included in his tweet today. In June, Bored Ape Yacht Club co-creator Gordon Goner (a.k.a. Wylie Aronow) shared his own view after the project’s Discord was compromised, tweeting, “Discord isn’t working for Web3 communities. We need a better platform that puts security first.”
Days later, Citron tweeted that Discord had “no current plans to ship this internal concept.” Currently, Discord servers rely on third-party automated wallet verification services (bots) instead of Discord-provided tools.
Editor's note: This article was updated after publication to include comments from a Discord representative.