In January 2022, the CityDAO project was the victim of a hack.  This attack used the project’s Discord server to trick users into approving transactions that sent money to the attacker.

Inside the Attack

The CityDAO hack is one in a series of hacks that used DeFi projects’ Discord servers for phishing attacks.  The attacker gained access to an administrator’s Discord token via a social engineering attack.  After compromising the administrator’s account, the attacker set up an announcement about a fake “land drop” that pointed users to a phishing site.  Using Discord webhooks, the attacker was able to ensure that the announcement would immediately pop up for each user as they logged into the Discord server.

On the phishing site, the users connected their wallets to receive the land drop.  This allowed the attacker to create fraudulent transactions, which the users approved and which sent their assets to the attacker.  In total, about $95,000 in cryptocurrency was stolen in the attack.

Lessons Learned From the Attack

This hack was made possible by a series of social engineering attacks.  The attacker used social engineering to gain access to the Discord admin’s account and to trick users into connecting wallets and approving transactions on a phishing site.

In the DeFi space, it is important to “trust but verify”.  Before allowing access to a crypto wallet or signing a transaction, make sure that it is legitimate.
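
One way to put "verify before signing" into practice is to decode a transaction request and see who it benefits before approving it. The sketch below is an added example, not code from CityDAO or any wallet; it assumes the request uses standard ERC-20/ERC-721 calls (the article does not say which calls were used), and the function names, allowlist and sample transaction are hypothetical and constructed.

```javascript
// Added example: constructed data, hypothetical names. Not code from CityDAO or any wallet.
// Well-known 4-byte selectors for standard ERC-20 / ERC-721 calls; `party` is the ABI word naming who benefits.
const SELECTORS = {
  "a9059cbb": { name: "transfer(address,uint256)", party: 0 },
  "095ea7b3": { name: "approve(address,uint256)", party: 0 },
  "23b872dd": { name: "transferFrom(address,address,uint256)", party: 1 },
  "42842e0e": { name: "safeTransferFrom(address,address,uint256)", party: 1 },
  "a22cb465": { name: "setApprovalForAll(address,bool)", party: 0 },
};
const MAX_UINT256 = "f".repeat(64);

// Split calldata into its selector and 32-byte ABI words (hex strings).
function parseCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8 || (hex.length - 8) % 64 !== 0) return null;
  return { selector: hex.slice(0, 8), words: hex.slice(8).match(/.{64}/g) || [] };
}

// Review a transaction request before signing. `trusted` is the user's own allowlist of
// lowercase addresses, confirmed through a channel other than the link that was sent.
function reviewRequest(tx, trusted) {
  const warnings = [];
  const isTrusted = (a) => trusted.has(String(a).toLowerCase());
  if (BigInt(tx.value || "0x0") > 0n && !isTrusted(tx.to))
    warnings.push(`sends native currency to unverified address ${tx.to}`);
  if (!tx.data || tx.data === "0x") return warnings;
  const parsed = parseCalldata(tx.data);
  if (!parsed) return warnings.concat("calldata is malformed; do not sign");
  const known = SELECTORS[parsed.selector];
  if (!known) return warnings.concat(`unrecognised function 0x${parsed.selector}; cannot show what it does`);
  if (parsed.words.length <= known.party) return warnings.concat("calldata is truncated; do not sign");
  const party = "0x" + parsed.words[known.party].slice(24);
  if (!isTrusted(party)) warnings.push(`${known.name} benefits unverified address ${party}`);
  const last = parsed.words[parsed.words.length - 1];
  if (parsed.selector === "095ea7b3" && last === MAX_UINT256)
    warnings.push("approval is for an unlimited token amount");
  if (parsed.selector === "a22cb465" && BigInt("0x" + last) === 1n)
    warnings.push("grants control of every token in this collection");
  return warnings;
}

// Constructed sample: an unlimited approve() to an address the user never verified.
const sampleTx = { to: "0x" + "22".repeat(20), value: "0x0",
  data: "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + MAX_UINT256 };
console.log(reviewRequest(sampleTx, new Set()));
```

An empty result only means none of these specific patterns matched; the site and the destination address still need to be confirmed through the project's official channels.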

Rob Behnke
01.18.2022