Ad
News
Axie Infinity targeted in another hack, this time via discord bot Axie Infinity targeted in another hack, this time via discord bot
๐Ÿšจ This article is 3 years old...

Axie Infinity targeted in another hack, this time via discord bot

Axie Inifinity announced that hackers compromised the MEE6 Bot to add permissions for a fake Jiho account.

Axie Infinity targeted in another hack, this time via discord bot

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Axie Infinity has announced on its Twitter page that there was a compromise of the MEE6 bot on its Discord server. The MEE6 team has denied that there was an attack on its bot.

The MEE6 bot is quite popular on Discord, with many servers using it for automating messages and other functions.ย 

Axie Infinity said on May 18 that the attackers compromised the bot and used it to add permissions for a fake Jiho account which they subsequently used to post a phony mint announcement.

Fortunately, the developers discovered it quickly. They removed the compromised bot and deleted the messages. According to the gaming platform, itโ€™ll never do a surprise mint and usually announce all such events on Twitter, Facebook, Discord, and Substack.

However, it also said that some users might still be able to see the deleted messages until they restart their Discord. At least one user claims to have lost an NFT and Domain due to the hack.

Axie says others suffered same exploit

Axie Infinity stated that the compromise isnโ€™t particular to its server and that many servers with MEE6 Bot have faced similar issues before. Cool Cats, RTFKT, PXN, PROOF/Moonbirds, and Memeland, have all reported a compromise of their admin accounts due to the bot.

According to those familiar with Discord security, the hackers likely attacked admin accounts first. Then they created a reaction role feature from the MEE6 bot, which the admin role to another account.

By doing this, they could send webbook messages without revealing the compromised administrator account.

MEE6 denies any hackย 

MEE6 has denied the claim of a compromise on its Discord server. It said there was no compromise of any NFT community due to its bot.

โ€œWe have not been contacted by any real community owners at the time of this message, nor via Discord or any other Support Communication Channels. We have checked the situations with our engineers, and no data of unusual activities have been spotted,โ€ the statement reads.

Axie Infinity recently suffered an exploit where hackers stole more than $600 million in its native token AXS. The token has struggled since the exploit, even after the company raised new funds to refund the users.

Usersโ€™ confidence has dropped and continues to go down due to delays and increasing security concerns. AXS is currently trading at $21.6 from an ATH of $164.9 in November 2021.

Posted In: Hacks