Earlier today during their presale event, Monkey Kingdom‘s Discord server was compromised and malicious links pointing to a mirror site were posted in the official announcements channel which led to over 7,000 SOL being stolen from holders.
Announcement on the discord hack pic.twitter.com/1r7svjlZcB— Monkey Kingdom (@MonkeyKingdom_) December 21, 2021
It appears that webhook functionality was enabled for members who should not have had the functionality enabled, this lead to the feature being exploited at the expense of the community.
As Discord puts it: webhooks are “like those fancy pneumatic tube things you used to love sending money into at a bank and watch disappear, but instead of never seeing your money again, you’re actually sending messages into Discord from another platform.”
In this sense and as far as I can tell, the individual who had access to the webhook was able to embed information in a way that made it appear that it was coming from the official team.
Upon finding out about the hack the server was immediately locked down while the team worked to determine the cause of the hack.
This is not an uncommon occurrence; hackers are constantly on the prowl and with the sheer amount of new servers being ran by first time users I’m not surprised to see this happen over and over again.