Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to reports, someone pretended to be a Cryptovoxels official to conduct a phishing attack, induced users to authorize, stole multiple NFTs (including Cryptovoxels Parcel Token, Art Blocks: BLOCKS Token, Mutant Ape Yacht Club: MAYC Token, etc.), and then sold them on opensea. It is reported that anonymous attackers used a vulnerability in the Discord bot to manage to direct community users to phishing sites on the official Cryptovoxels Discord channel. The attacker's address is 0x794ca38bc1e15e528a7991ce25707a25ad71b675. Attack method (per SlowMist): Phishing Attack. Reported loss: 50 ETH.
- chain
- —
- protocol
- Cryptovoxel
- bug_class
- phishing
- date_occurred
- 2022-03-28
- loss_usd
- —
- source_id
- sm:cryptovoxel::2022-03-28