Sky Mavis to reimburse Axie players affected by hack

One of Axie Infinity‘s support-staff accounts on Discord recently got compromised and was used to elaborate a scam that has impacted several Discord servers. Through fake announcements, users were tricked into clicking links sent by a hacked Discord Bot that contains a fake website.

Axie Infinity, however, shared an overview of what occurred and the steps they are taking to fix the situation.

Aleksander Larsen (Psycheout) of Axie Infinity posted an official statement on Discord regarding the fake announcements by the hacker. Psycheout also shared how their support staff’s account was hacked:

The attacker tricked their support staff to share his screen and inspect his Network tab (in Chrome), which led to the attacker gaining access to the support staffer’s Discord account, despite 2-factor authentication being enabled. The attacker then created a fake Axe Infinity branded webpage and used a Discord bot to spam the link on all of Axie Infinity’s Discord announcement channels announcing an exclusive sale. 155 players clicked on the link and attempted to buy Axies, which was a scam.

“Those who interacted with the smart contract lost the money they sent. We have reviewed the smart contract and concluded that it does not impact their seed phrases. Nonetheless, we recommend that everyone who interacted with the smart contract go to: https://etherscan.io/tokenapprovalchecker and revoke access to this site immediately,” Psycheout also said in the announcement.

Furthermore, Axie Infinity assured its users that the company is taking security seriously and is committed to:

• Reimbursing everyone who lost their funds due to this announcement. No need to report if you lost funds – we are scanning the blockchain directly.
• Reducing the number of people who can tag everyone on the Discord server.
• Contacting Discord and assisting them in addressing this security flaw.
• Reviewing security practices with all team members.

Source: Axie Infinity

Leave a Reply

Your email address will not be published. Required fields are marked *