This tactic is particularly effective as users may still have old invite links saved in announcements, websites, or social media posts, inadvertently leading them to attackers’ servers instead of legitimate ones. In January 2025, investigators found that members of a prominent cryptocurrency community were being targeted when attempting to access Discord support servers from legitimate Web3 websites. “Even if a phishing site is discovered through victim reports, this is not a major impediment for the attackers as they proactively rotate their phishing domains every few days,” explained Check Point researchers. The campaign has victimized over 30,000 users and resulted in losses exceeding $9 million over the past six months alone, revealing the continued operation of the notorious Inferno Drainer despite its claimed shutdown in 2023. Instead of reaching genuine support channels, users were redirected to servers containing fake Collab.Land verification bots. After connecting their wallets, users are prompted to sign transactions that appear legitimate but actually permit attackers to drain their crypto assets. Elastic has disclosed a critical security vulnerability in Kibana, its popular data visualization platform, that could allow attackers to execute arbitrary code. CheckPoint researchers discovered that attackers are combining social engineering with Discord’s platform features to create highly convincing scams. Collab.Land is a legitimate service widely used in crypto communities to verify wallet holdings and grant access to exclusive channels. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. “The entire scenario was convincingly realistic and capable of deceiving even experienced users,” noted the researchers in their report. The fake verification process directs victims to a phishing website that closely mimics the legitimate Collab.Land interface. The combination of technical sophistication and convincing social engineering continues to make these attacks successful despite advances in wallet security and anti-phishing solutions. A sophisticated phishing campaign that targets cryptocurrency users through Discord. Many Discord servers use custom URLs (e.g., discord.gg/projectname) that become available for anyone to claim if a server loses its boost status. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. One effective method attackers use is hijacking expired vanity invite links. “Attackers can monitor and wait for high-value vanity links to expire.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 07 May 2025 11:34:58 +0000