Beeple's Discord URL 'hijacked,' directing users to wallet drainer
Non fungible token (NFT) artist Mike "Beeple" Winkelmann has found himself the target of phishing scammers yet again, warning users that the URL link to his official Discord server was “hacked” — sending unaware new members to a wallet draining Discord channel if they follow the link.
In an Oct. 3 post UTC, the NFT artist called out Discord for “being garbage,” warning users not to go into the Discord and verify as it will “drain your wallet.”
it appears our discord URLs were hacked to point to a fraudulent discord. DO NOT go into that discord and do not verify, it will drain your wallet!! once again massive thanks again to discord for being garbage.
— beeple (@beeple) October 3, 2022However, Beeple wasn’t the first to notice the URL slight-of-hand, with Twitter user maxnaut.eth noting in a post hours earlier that the Discord link connected to the Beeple: Everydays - 2020 Collection on NFT marketplace OpenSea marketplace may have been “hijacked.”
The screenshot shared by maxnaut.eth suggests that the URL points to a “CollabLand wallet drainer,” showing a Collab.Land Bot on Discord which directs members to verify account ownership — instead it works to drain their wallets, noting:
"Your Discord URL probably got hijacked and your team didn't update it on OS. You need to change that ASAP or people going to get rekd."While Beeple claims the URLs were hacked and that Discord is to blame, other crypto Twitter community members are arguing that lax security measures are truly to blame.
NFT analyst and blockchain detective "OKHotshot" replied to the artist's announcement, stating the URLs were not hacked but instead alleging: "Mismanagement of discord URLs allows this happen, probably just like it happened to CryptoBatz."
While cyber security firm Black Alchemy Solutions Group commented their belief that it was not "a Discord problem."
"This is a problem with a mismanagement of the Beeple Information Security apparatus. If you haven't already, hire a vCISO (Security Officer), web3 doesn't = Natively Secure."
It appears that the misdirecting Discord URLs have been fixed by the artist, according to maxnaut.eth, noting that it “Seems Beep Man picked it up and has fixed it now."
At the time of writing, the Discord link in the affected Opensea listing also appears to be gone.
Related: 8 sneaky crypto scams on Twitter right now
Beeple's social media and messaging platforms appear to be a popular target for scammers and hackers, having sold some of the most expensive NFTs on record, including the First 5,000 Days, a compilation of 5000 pieces of artwork that sold for $69.3 million.
Elon Musk's spacecraft manufacturer Space X, tech giant Apple, luxury brand Louis Vuitton and other high-profile companies and individuals are all listed as clients on Beeple's website.
In May, a phishing scam netted $438,000 in crypto and NFTs through a hijacking of his Twitter account, linking to a raffle purporting to be related to a Louis Vuitton NFT collaboration.
In Nov. 2021, his Discord was part of another scam, where an admin account was compromised and a fake NFT drop was advertised, netting the scammers an estimated 38 Ether (ETH) worth roughly $176,378.14 at the time.
Beeple did not disclose how many users may have been impacted by the current malicious Discord links.
Cointelegraph has reached out to Beeple but has not received an immediate response at the time of publication.