Hackers scammed $1.1m through fake game NFT-minting platform

By Raffaele Redi

Animoca Brands said the company will cover victims’ losses

Evan Auyang, president of Animoca Brands, pictured speaking on stage during Hong Kong FinTech Week 2021 at the Hong Kong Convention and Exhibition Centre a few weeks ago. The scam hit Animoca subsidiary Blowfish Studios’ Discord users via 1,571 fake-minting transactions over about three hours – Photo: Shutterstock

Animoca Brands has recently issued a press release informing users of a hack of the Discord server of its popular video game, Phantom Galaxies, which occurred in the early hours of 19 November.

The hack appeared to be limited to the Phantom Galaxies game’s Discord server, where the hackers stole ethereum (ETH) tokens worth ETH 265 (or about $1.1m) by using a fake non-fungible token (NFT)-minting platform. Discord users were scammed via 1,571 fake NFT-minting transactions over a period of about three hours.

The fake NFT-minting platform allegedly charged users an ETH0.1 minting fee but did not actually mint anything; instead, it immediately transferred the funds to the scammers’ Ethereum wallet addresses.

Phantom Galaxies is an online game developed by a Sydney-based Animoca Brands subsidiary, Blowfish Studios, which has a Discord server user base of approximately 94,000 members.

Animoca’s comments

According to Animoca, there is no evidence that smart contracts were compromised, and no funds were stolen from the game or its developer and publisher.

Animoca Brands has said the company will cover losses and will reassure victims with details to follow. The company also said Admin and Moderator access to the Phantom Galaxies Discord server is secured by two-factor authentication (2FA) as part of standard company-wide security measures.

In the past, Phantom Galaxies has issued various server-wide notices explaining that the game and its developers will never offer any unannounced ‘stealth’ or ‘surprise’ drops or mints, and that any offers to players will always be based on schedules shared with users well in advance.

Details and timing of the hacking incident

According to Animoca, unknown hackers gained access to the official Discord account of Phantom Galaxies and took over the game’s Discord server in the early hours of 19 November 2021.

At approximately 3:40 am Australian Eastern Daylight Time (AEDT), some members of the senior management of Animoca Brands, Blowfish’s parent company located in Hong Kong, became aware of the scam on the Discord server and of the fraudulent website. The local time in Hong Kong was 12:40 am, three hours behind Sydney, Australia, where Blowfish is based.

By this point, the hackers had already taken control of the Discord server and restricted access to everyone else. Animoca Brands attempted to reach Blowfish’s management to get further clarity on the situation and coordinate a response, but these attempts were unsuccessful due to the late hour in Australia. 

“Investigation later revealed that the hack was enabled by a malware bot that compromised the two-factor authentication for the Admin account of the Discord server of Phantom Galaxies,” explained Animoca.

It added: “Once in control of the Discord server, the hackers banned all staff accounts, as well as all accounts of advisors and community moderators.

“At approximately 3am [AEDT], the hackers began to post fraudulent announcements on the Announcements channel, claiming that the game was launching an immediate surprise NFT-minting event – a stealth mint.”

The hackers then directed users to a fraudulent website that purported to be a Phantom Galaxies NFT-minting platform charging users an ETH0.1 minting fee for an NFT. However, the company explained, the platform “did not actually mint anything and simply transferred the funds to the scammers’ Ethereum wallet address”.

The Etherscan entry for the crypto wallet that was used in this scam is: https://etherscan.io/address/0x5b54e19f06f8FB4B28eE2c6958E55F4580F64ae1

At 3:58 am AEDT, Animoca Brands’ executive chairman and co-founder Yat Siu tweeted an alert from his Twitter account, tagging the official Phantom Galaxies Twitter account.

Animoca’s swift response and remedial efforts

Animoca Brands then notified available Telegram group moderators, who posted alerts about the scam across the company’s various Telegram groups starting at around 3:45 am AEDT.

“In the early morning in Australia, Blowfish took over management of the incident from Animoca Brands and immediately launched an investigation. An emergency meeting was convened to review the situation and discuss the next steps,” said the company.

“After a review of the situation, Discord returned control of the affected Discord server to Blowfish and the server is now operational.”

The company has since stated its intention to cover all financial losses of each of the scam’s victims: “Animoca Brands and Blowfish will cover the losses of all victims of this scam, being ETH265, or approximately US$1.1m.

“The exact nature and mechanism of the compensation will be determined after discussions with the Phantom Galaxies community, but it will involve transfers to users to cover the amounts stolen by the hackers or the delivery of equivalent value. More information will be provided in the game’s official channels.

“Animoca Brands and Blowfish apologise to all those affected by this incident. We care deeply about our users and wish to assure them that we are taking steps to further increase security and prevent such incidents in the future. This includes holding in-depth reviews with our security experts, external consultants, and Discord security personnel.”

Animoca Brands is also instituting a group-wide assessment of security measures.
