Animoca Brands update on hacking of Discord server of Phantom Galaxies, will cover users’ losses
24 November 2021 -- Animoca Brands wishes to provide an update about the hack of the Phantom Galaxies Discord server that occurred in the early hours of 19 November 2021, and to reassure the victims of the hackers’ scam that the company will cover their losses (265 ETH, worth about US$1.1 million), with details to be announced shortly.
The hack appeared to be limited to the game’s Discord server; there is no evidence that smart contracts were compromised, and no funds were stolen from the game or from its developer and publisher.
Phantom Galaxies is an upcoming game being developed by the Animoca Brands subsidiary Blowfish Studios, based in Sydney, Australia. Phantom Galaxies will utilize both fungible and non-fungible tokens to provide the first truly “AAA” blockchain-based game experience when it launches in 2022.
Phantom Galaxies has a Discord server with approximately 94,000 members. Admin and Moderator access to the Phantom Galaxies Discord server is secured by two-factor authentication (2FA) as part of standard company-wide security measures.
In the past, Phantom Galaxies has issued various server-wide notices explaining that the game and its developers will never offer any unannounced “stealth” or “surprise” drops or mints, and that any offers to players will always be based on schedules shared with users well in advance.
In the early hours of 19 November 2021, unknown hackers gained access to the official Discord account of Phantom Galaxies and took over the game’s Discord server. Investigation later revealed that the hack was enabled by a malware bot that compromised the two-factor authentication for the Admin account of the Discord server of Phantom Galaxies. Once in control of the Discord server, the hackers banned all staff accounts as well as all accounts of advisors and community moderators.
At approximately 3 a.m. (AEDT), the hackers began to post fraudulent announcements on the Announcements channel, claiming that the game was launching an immediate surprise NFT minting event - a stealth mint.
The hackers directed users to a fraudulent website that purported to be a Phantom Galaxies NFT minting platform. The fake minting platform charged users a 0.1 ETH “minting fee” that did not actually mint anything and simply transferred the funds to the scammers’ Ethereum wallet address at 0x5b54e19f06f8FB4B28eE2c6958E55F4580F64ae1.
In total, the offenders stole about 265 ETH (approximately US$1.1 million) from Discord users via 1,571 fake minting transactions over the course of about three hours.
The Etherscan entry for the crypto wallet that was used in this scam is: https://etherscan.io/address/0x5b54e19f06f8FB4B28eE2c6958E55F4580F64ae1
At approximately 3:40 a.m. (AEDT), some members of the senior management of Animoca Brands, Blowfish’s parent company located in Hong Kong, became aware of the scam on the Discord server and of the fraudulent website.
The local time in Hong Kong was 12:40 a.m., three hours behind Sydney, Australia, where Blowfish is based. By this point, the hackers had already taken control of the Discord server and restricted access to everyone else.
Animoca Brands attempted to reach the management of Blowfish to obtain information about the situation and coordinate a response, but these attempts were unsuccessful owing to the extremely late hour in Australia.
Animoca Brands notified available Telegram group moderators, who posted alerts about the scam across the company’s various Telegram groups starting at around 3:45 a.m. (AEDT).
At 3:58 a.m. (AEDT) Animoca Brands’ executive chairman and co-founder Yat Siu tweeted an alert from his Twitter account, tagging the official Phantom Galaxies twitter account:
That message was then retweeted by the official Animoca Brands account shortly after it was posted.
At the same time, Animoca Brands contacted Discord to report the problem. Starting at around 4:30 a.m. (AEDT), Discord took emergency steps to restrict access to the Phantom Galaxies Discord server and remove the fraudulent posts.
At 5:22 a.m. (AEDT), Yat Siu posted a five-part Twitter thread discussing the incident:
Yat Siu and Animoca Brands continued to tweet about the issue to ensure that as many users as possible could be informed about the problem until the management of Blowfish could come online.
In the early morning in Australia, Blowfish took over management of the incident from Animoca Brands and immediately launched an investigation. An emergency meeting was convened to review the situation and discuss next steps.
After a review of the situation, Discord returned control of the affected Discord server back to Blowfish and the server is now operational.
Animoca Brands and Blowfish will cover the losses of all victims of this scam, being 265 ETH, or approximately US$1.1 million. The exact nature and mechanism of the compensation will be determined after discussions with the Phantom Galaxies community, but it will involve transfers to users to cover the amounts stolen by the hackers, or the delivery of equivalent value. More information will be provided in the game’s official channels.
Animoca Brands and Blowfish apologize to all those affected by this incident. We care deeply about our users and wish to assure them that we are taking steps to further increase security and prevent such incidents in the future. This includes holding in-depth reviews with our security experts, external consultants, and Discord security personnel.
Animoca Brands is also instituting a group-wide assessment of security measures.
Recommendations to users for avoiding scams
Never trust announcements that play on the fear of missing out (FOMO). It is better to miss out than to get scammed.
Never trust stealth drop/mint events; these events seek to take advantage of FOMO and should be automatically treated as suspect. Animoca Brands and its subsidiaries do not and will not provide offers based on stealth drops/mints.
Be extremely cautious of ANY sudden events that require you to part with your funds: genuine events are usually announced in advance in order to allow users to prepare.
Always check the exact spelling and domain of web addresses that you interact with - there are over 1,500 different top level domain names (.com, .io, .coin, .net, .org., etc.), meaning that a scam could be operated from any variation of a familiar web address.
Cross-check the legitimacy of any crypto offering - for example, confirm that the same offering is communicated on the official Twitter, Telegram, and Discord accounts as well as the official website. If something is communicated on a single channel only, then it is reasonable to be suspicious.
If you have any doubts about an offer, contact the appropriate official account or representative.
If you have doubts about an offer communicated by an official source (i.e., a hack may have occurred), cross-check it (see above) and discuss it with other members of the community - some of them may already have identified a problem.
About Blowfish Studios
Blowfish Studios, a subsidiary of Animoca Brands, is an award-winning Sydney-based developer and publisher of high-quality multi-platform games, including Qbism, Siegecraft, Morphite, Projection: First Light, and Storm Boy. It is currently developing Phantom Galaxies. For more information visit www.blowfishstudios.com.
About Animoca Brands
Animoca Brands, ranked in the Financial Times list of High Growth Companies Asia-Pacific 2021, is a leader in digital entertainment, blockchain, and gamification that is driving digital property rights via NFTs and gaming to help build the open metaverse. It develops and publishes a broad portfolio of products including the REVV token and SAND token; original games including The Sandbox, Crazy Kings, and Crazy Defense Heroes; and products utilizing hundreds of popular intellectual properties including Formula 1®, Disney, WWE, Power Rangers, MotoGP™, and Doraemon. The company has multiple subsidiaries, including The Sandbox, Blowfish Studios, Quidd, GAMEE, nWay, Pixowl, Bondly, and Lympo. Animoca Brands has a growing portfolio of more than 100 investments in NFT-related companies and decentralized projects that are contributing to building the open metaverse, including Axie Infinity, OpenSea, Dapper Labs (NBA Top Shot), Bitski, Harmony, Alien Worlds, Star Atlas, and others. For more information visit www.animocabrands.com or follow on Twitter or Facebook.
Global contact: firstname.lastname@example.org