An X user, who is known as Princess Hypio, has said that $170,000 in crypto and NFTs were lost to a scammer. The scammer had infiltrated a Discord server and pretended to have mutual friends.
Last month, her followers were told by crypto user and NFT artist Princess Hypio that $170,000 in crypto and non-fungible tokens were lost after a scammer had her convinced to play a game with them on Steam.
While she was “mindlessly” playing with the scammer, her funds were secretly being stolen, and her Discord was being hacked. The same tactic was used on three of her other friends, as was written by her in a post on August 21 on X.
It turns out that the tactic has been around for a while, and it is known by some as the ‘try my game’ scam. This is a scam that has been reported about by users for years in different forms.
“Try My Game” Scam: What You Need to Know
The crypto version of the scam involves a hacker joining a Discord server or group, lying in wait, and learning about how users interact with each other. That information is later used to have trust gained.
More Read
Users are then asked by the hacker if they own crypto or NFTs. Interest is often feigned to have questions asked and to gauge what digital assets they might own. In Princess Hypio’s case, a Milady NFT was owned by her, which resulted in her being targeted.
After a target with crypto is identified, victims are invited by the hacker to play a game. A link is sent to a server that has Trojan malware, which provides access to user devices. This allows personal information to be stolen and any connected wallets to be drained.
In Princess Hypio’s case, the ploy involved having her convinced to download a game on Steam by offering to have it bought for her. The game itself was safe, but the server on which the game was being hosted was malicious.
More Read
$170,000 in crypto and NFTs were lost by her from the attack, she said.
It comes only days after its deceptive practices policy explainer was released by Discord. The explainer warns that promoting or carrying out financial scams on the social platform violates the terms of use.
It was said by Percoco that ‘These scams do not exploit code; trust is exploited by them. Friends are impersonated by attackers, and people are pressured into taking actions that they normally would not take.’
“The biggest vulnerability in crypto is not code, it is trust. Scammers exploit community spirit and curiosity to take advantage of good intentions.”
Attackers embed themselves in communities, learn the culture, mimic trusted friends, and then strike, he said.
It was told by Gabi Urrutia, chief information security officer at cybersecurity firm Halborn, that the scam combines social engineering with malware. While it is not “very sophisticated,” it is insidious because of the “abuse of trust among members of a community.”
It was said by him that it is not as important as traditional phishing in volume, but it is more and more frequent in Web3 and gaming communities, where a mix between pair-to-pair trust and high-value assets is seen.
More Read
“The key here is the psychological manipulation: the attacker starts to be part of the community, learns the slang and introduces himself as a friend of a friend.”
Scams Go Mainstream: The New Threats Beyond Crypto
In February, it was posted to the Malwarebytes forum by a user under the handle RaeTheRaven that they had fallen prey to the ‘infamous scam’ after a link was sent by someone they thought was a friend. A Reddit forum that was started in July also had a warning about scams targeting gamers.
It was said by him that the best way to avoid being snared is to have a “healthy skepticism,” and that identities should be confirmed through another channel. Running unknown software should be avoided, and it should be remembered that “doing nothing is safer than taking a risky step.”
“If something feels rushed, generous, or too good to be true, it almost always is. Do not trust, verify.”
Urrutia said that defense against this scam involves very specific habits. Such habits include stopping to think before anything is signed, privileges being kept to a minimum, and avoiding using the same device for gaming and managing wallets.
He added that from the community side, much also needs to be done. This includes direct messages from strangers being limited, new members being verified, and the security culture being strengthened. Ultimately, the big challenge isn’t technological, but cultural.
Fake Recruitment Scams: The New Front in Crypto Fraud
However, it was also said by Percoco that while the Discord scams are on the rise, a more widespread trend in crypto currently involves fake recruiters.
In a recent June case, job seekers in the crypto industry were targeted by a North Korea-aligned threat actor. Malware was used that was designed to have passwords for crypto wallets and password managers stolen.
It was said by Percoco that while ‘Discord impersonation is rising quickly, the most widespread trend being tracked today is fake recruitment campaigns.’ In these campaigns, victims are lured with job offers and are tricked into clicking phishing links.
Meanwhile, it was said by Urrutia that the largest volume of scams being seen by Halborn involves blind signing, approval phishing, and similar, but they are all “evolutions of the same idea: not to have the key stolen by force, but to get the user to voluntarily hand it over.”
”A recent and highly publicized case was the Bybit attack, where attackers took advantage of blind signatures and poor permission management to drain funds.”
