By Nath Cajuday
Blockchain-based game Phantom Galaxies’ developer’s parent company Animoca Brands assured the victims that the company will cover their losses amounting to 265 ETH or about US$1.1 million during the update it released about the hack of the game’s Discord server that occurred last November 19, 2021.
Phantom Galaxies is an upcoming game that is said to utilize both fungible and non-fungible tokens to provide the first ever “AAA” blockchain-based game experience when it will launch in 2022, and is developed by an Australian-based Blowfish Studios.
The game’s Discord server has approximately 94,000 members.
According to the update report released by Animoca Brands, unknown hackers gained access to the official Discord account of Phantom Galaxies around midnight or early hours of November 19 in Australia time and took over the game’s Discord server.
“Investigation later revealed that the hack was enabled by a malware bot that compromised the two-factor authentication for the Admin account of the Discord server of Phantom Galaxies. Once in control of the Discord server, the hackers banned all staff accounts as well as all accounts of advisors and community moderators,” the report added.
Moreover, at approximately 3:00 am, the unknown hackers began posting fraudulent announcements on the “Announcements Channel”, claiming that Phantom of Galaxies was launching a surprise non-fungible token (NFT) minting event – a stealth mint.
“The hackers directed users to a fraudulent website that purported to be a Phantom Galaxies NFT minting platform. The fake minting platform charged users a 0.1 ETH “minting fee” that did not actually mint anything and simply transferred the funds to the scammers’ Ethereum wallet address at 0x5b54e19f06f8FB4B28eE2c6958E55F4580F64ae1,” the report stated.
According to the company, Phantom Galaxies issued various server-wide notices in the past that the game and its developers will never offer any unannounced “stealth” or “surprise” drops or mints, and that any offers to players will always be based on schedules shared with users well in advance.
“The hack appeared to be limited to the game’s Discord server; there is no evidence that smart contracts were compromised, and no funds were stolen from the game or from its developer and publisher,” the report revealed.
On the other hand, Blowfish Studios’ parent company and Hongkong-based Animoca Brands became aware of the issue at around 3:40 am (AEDT), which was 12:40 am in Hongkong.
And as time passed by, Animoca Brands executive chairman and executive founder Yat Siu then tweeted a series of notices and warnings about the scam happening.
“@the_phantom_g @discord server was hacked and led customers to a fake mint siphoning off funds https://etherscan.io/address/0x5b54e19f06f8fb4b28ee2c6958e55f4580f64ae1,” Yat Siu said in a tweet.
Unfortunately, despite the warnings, the hackers had taken control of the Discord server and restricted access to everyone else for about three hours already.
“Lost 0,4 eth. I was convinced cause the free NFT would be an airdrop too. Finally some usefull info.. however far too late.. 3 hours into a hack. You have a long way to go to regain any form of trust. However we all need to learn from this, lets do better,” a twitter user’s reply to Yat Siu’s tweet thread.
All in all, the unknown offenders stole about 265 ETH (approximately US$1.1 million) from Discord users via 1,571 fake minting transactions over the course of about three hours.
“Animoca Brands and Blowfish apologize to all those affected by this incident. We care deeply about our users and wish to assure them that we are taking steps to further increase security and prevent such incidents in the future. This includes holding in-depth reviews with our security experts, external consultants, and Discord security personnel,” the two companies’ statement about the scam.
The company guaranteed to cover and bring back all the losses during the scam and promised that it is already instituting a group-wide assessment of security measures.
“The exact nature and mechanism of the compensation will be determined after discussions with the Phantom Galaxies community, but it will involve transfers to users to cover the amounts stolen by the hackers, or the delivery of equivalent value. More information will be provided in the game’s official channels,” the report concluded.
Discord had already returned the control of the affected Discord server back to Blowfish and the server is now operational.
Additionally, the company also released a list of recommendations to users for avoiding scams, such as:
- Never trust announcements that play on the fear of missing out (FOMO). It is better to miss out than to get scammed.
- Never trust stealth drop/mint events; these events seek to take advantage of FOMO and should be automatically treated as suspect. Animoca Brands and its subsidiaries do not and will not provide offers based on stealth drops/mints.
- Be extremely cautious of ANY sudden events that require you to part with your funds: genuine events are usually announced in advance in order to allow users to prepare.
- Always check the exact spelling and domain of web addresses that you interact with – there are over 1,500 different top level domain names (.com, .io, .coin, .net, .org., etc.), meaning that a scam could be operated from any variation of a familiar web address.
- Cross-check the legitimacy of any cryptocurrency offering – for example, confirm that the same offering is communicated on the official Twitter, Telegram, and Discord accounts as well as the official website. If something is communicated on a single channel only, then it is reasonable to be suspicious.
- If you have any doubts about an offer, contact the appropriate official account or representative.
- If you have doubts about an offer communicated by an official source (i.e., a hack may have occurred), cross-check it (see above) and discuss it with other members of the community; some of them may already have identified a problem.
This article is published on BitPinas: Animoca Brands to Cover Users’ US$1.1 million Worth of Losses from Phantom Galaxies Discord Server Hack Fraud