I have for the first time this month heard on CNBC the mention of Discord attacks on nft projects and moderators scams with how much they have cost members.
If you have spent anytime on Discord you know that projects when you join them on any various topic Discords you will get direct messages saying you won a whitelist (meaning a pre sale spot for nft) like the picture on this post or that you have won a crypto coin of a new coin yet to be released or one just released and sometimes the old standard bitcoin or ethereum.
There have been variations of this scam much like twitter have had variations of scams that hacked celebrity accounts like Elon Musk and said to send coins and any sent will be able to buy a discount nft, or have entry for giveaways, or that they were wanting to give back to the community and any coins sent double the coins would be sent back. If you have not done crypto this will sound bizarre I understand but if you have done crypto for awhile you understand what an airdrop is and that new coins being released have given away their coins to community members for helping them get started and for the support sometimes over years communities being built so it wasnt uncommon that this could take place.
Just this past Christmas eve a new coin dropped to people that spent money on gas fees at the time it was thousands of dollars worth of coins to those that had bought a fair amount of nfts https://decrypt.co/89325/sos-token-aidrop-opendao-opensea-what-you-need-to-know-explainer just one example
There was another layer to these Discord scams
The scammers know the system of nfts with Discord and they would get access to a moderators account to post under the channels in the announcements saying hurry to this link to mint the rare nft limited number available and the site would have a hidden mask site address and interact with a different contract that would drain all of your coins from your wallet and or nfts from you interacting with the smart contract.
So Discord has had a need for security bots, bad news on that the captcha bots and collab land bots which verify your ownership of a certain project nft to allow you access to private channels (thats where sports stars and movie stars with their projects chat with fans with an ask me anything) those security bots have also been hacked before via third party apis, webhooks and various developer plug ins.
Yet another advancement with the scammers, they will clone the moderators profiles so people that spend time in the Discord know the screen name and answer the direct messages thinking its the moderators who run the Discord Server. These scammers also join the Discord so it will show on their profile you share the same Discord with them.
Discord have now added the report spam button and they are making advancements on security settings for the moderators. I have a personal server that I setup on Discord to get behind the scenes look at how things work.
I have written about other scams here