Discord Hack Wrap Up

Today, we want to talk about an incident that occurred on August 12th, 2023 involving our Discord server. Our aim is to provide:

• An account of what happened

• How we've responded - and, 

• Our plans to prevent such incidents in the future.

The Incident

On August 12th, a Fetch.ai team member's Discord account, who had server owner status, was compromised by hackers. Using automated scripts, the hackers quickly transferred server ownership to their account. This resulted in the immediate ban of our server owner's account due to a violation of Discord's Terms of Service, the violation being the automation of user accounts.

With the server under third party control, the hackers then 'booted' all admins and moderators. They effectively took over the server and started posing as our team members through alternative accounts. All scam messages were sent via new accounts - that were made to look similar to official team members. It's important to note that none of our actual team members sent any of the scam or spam messages that appeared on the server during this time.

Our Response

A number of our team members used DMs to alert users to the hack. We issued a statement to the community via our official channels, removed all links to the old server and set up a new Discord server to draw people away from the hacked server.

We reached out to Discord's support team immediately and continued to follow up on a daily basis. However, we had a very poor response from them both in terms of time to respond and actionable outcomes. Their response time has now slowed to a halt, and we have yet to receive any genuine assistance based on the information we provided. Unfortunately, this seems to be a common problem with Discord with many projects reporting a lack of support.

Community Awareness

Fortunately, most of our community members were quick to spot the scams. There were a number of red flags that prevented many from taking action. The fake messages about an $FET token airdrop didn't match information on our other social media profiles or our website. The links provided by the scammers were not associated with our official site and given that we have not offered an airdrop since our launch, the offer of an airdrop was also quite uncharacteristic, not least because it was offered via Metamask even though FET coin is native to our layer one blockchain.

Despite this, a handful of community members have subsequently reported losses from the fake $FET airdrop. Our findings are that for a loss of funds to occur, Metamask wallet owners had to register for the fake airdrop by making a transaction that permitted third-party access to their wallet by means of an 'allowance spend'. This method is a frequently used Metamask scam that is well documented on their site and for which they have security alert pop ups. This enabled the hacker access to any tokens held within. The contract used by the hacker was connected to multiple mixing wallets, making the tracking of funds from origin to destination impossible when mixed with the allowance spend approval on compromised accounts.

We considered reimbursement as an option but given that wallet access had to be granted by the wallet owner, coupled with the fact that the token trail remains completely obfuscated, we are unable to verify reported losses in this instance. We understand the frustration caused by this event. Fake airdrops are an ongoing battle across the cryptocurrency space and unfortunately, in this instance, we will not be able to ratify reimbursement for those impacted.

Going Forward

After the incident we've reviewed our security procedures and implemented a number of new measures. This incident serves as a reminder to remain vigilant at all times. If you are a community member, please familarize yourself with our rules. New members are prompted to read and accept our community rules, including important information on safety and security, when joining Discord and Telegram and you will find those pinned to our channels at all times along with helpful in-channel security reminders from Cosmobot on TG.

We're incredibly grateful to our community members who acted promptly, warning others and helping to mitigate the impact of the hack. Your support and vigilance were crucial in managing this situation.

Our Commitment

As we progress, our dedication to open communication with our community is stronger than before. We deeply appreciate your ongoing support and wish you a prosperous 2024.