Polygon, Avalanche & ZKsync Discords Hacked in Rapid Succession

The crypto community was left reeling after the official Discord servers of Polygon, Avalanche and ZKsync were hacked to spread malicious links.

The official Discord servers of Avalanche, ZKsync, and Polygon were all hacked in a series of cyberattacks. These incidents are part of a growing trend of Discord-related exploits targeting blockchain networks. Meanwhile, Apple Mac users are being warned about a new malware strain, "Cthulhu Stealer," that is designed to steal cryptocurrency wallets. Additionally, a South Korean police officer is under investigation for alleged crypto-related bribery, and Thai authorities recently raided an illegal Bitcoin mining operation linked to power theft.

Discord Exploits Spread

In the past 48 hours, the official Discord servers of Avalanche and ZKsync were compromised in a series of attacks. This happened not long after a similar breach on Polygon's Discord. 

On Aug. 25, Avalanche’s official account on X alerted users about the compromise, and urged them not to interact with or click on any links shared within the server. Screenshots from Avalanche’s Discord showed the attackers posting fraudulent links to fake “distribution” schemes for Avalanche (AVAX) tokens, falsely promising users the opportunity to claim free AVAX. An hour later, Avalanche’s community lead, Ben Well, announced that the issue was identified and resolved, and efforts were underway to restore the server to normal.

However, just one hour after the Avalanche incident, ZKsync’s official Discord was also compromised. Hackers shared malicious links promoting a fraudulent “round 2 airdrop” of ZK tokens in an attempt to deceive people into interacting with the scam. ZKsync has yet to address the breach on X, but several team members have already acknowledged the compromise on Discord.

These incidents happened less than 48 hours after a similar exploit on Polygon's Discord, where hackers spread malicious links throughout the server. Polygon’s Chief Information Security Officer, Mudit Gupta, confirmed the breach and also advised users to avoid clicking on any links in the Discord channel until the situation was fully resolved. 

Unfortunately, one user, known as ValidatorK, reported a loss of $150,000 worth of ETH after interacting with what appeared to be an official announcement on Polygon’s Discord.

These attacks on Avalanche, ZKsync, and Polygon only add to a growing list of Discord-related exploits that are targeting blockchain networks. In March of 2023, a phishing scam on the Arbitrum Discord server involved a fake announcement with a malicious link. Additionally, in May, the Guns.AI artificial intelligence network fell victim to a Discord exploit that resulted in a loss of close to $1.27 million.

New Mac Malware Targets Crypto Wallets

Apple Mac users are also being warned about a new strain of malware called “Cthulhu Stealer” that is designed to steal personal information and target cryptocurrency wallets. Despite macOS's reputation for security, cybersecurity firm Cado Security shared on Aug. 22 that malware threats to macOS have been on the rise.

The Cthulhu Stealer malware disguises itself as legitimate software, like CleanMyMac or Adobe GenP, in the form of an Apple disk image (DMG). When users open the file, they are prompted to enter their password, and then a second prompt requests the password for their MetaMask wallet. The malware also targets other popular crypto wallets, including those from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.

Some of the user data that gets stolen (Source: CADO)

Once the passwords are obtained, the malware stores the stolen data in text files and fingerprints the victim’s system, gathering details like the IP address and operating system version. 

According to Cado researcher Tara Gould, the main function of Cthulhu Stealer is to steal credentials and cryptocurrency wallets, very similar to the Atomic Stealer malware that targeted Apple computers in 2023. It is believed that Cthulhu Stealer’s developer likely modified the code from Atomic Stealer.

The malware was being rented out for $500 per month on Telegram. However, disputes over payments have reportedly led to accusations of an exit scam by affiliates, causing the scammers to become inactive.

So far, Apple has acknowledged the growing threat of malware targeting its operating systems. On Aug. 6, the company announced an update to its next-generation macOS version that makes it more challenging for users to bypass Gatekeeper protections that are designed to ensure that only trusted applications run on the system. 

Police Officer Investigated for Crypto Bribery

Meanwhile, South Korean prosecutors are investigating a senior police officer in Seoul's Gangnam District over allegations that he accepted bribes during a cryptocurrency investigation. The officer is an unnamed superintendent, and is suspected of receiving money from a suspect while investigating a crypto-related case. 

The Seoul Southern District Prosecutors’ Office's Virtual Asset Joint Investigation Team, which handles some of the bigger crypto cases, including the probe into the Terra ecosystem collapse, raided the Gangnam Police Station on Aug. 23 as part of the investigation. They seized data related to the investigation and relieved the superintendent of their position.

The investigation has raised some serious concerns among residents and investors in Gangnam, as it is a district known as the crypto heartland of South Korea. It is also home to major crypto exchanges and fintech firms. Gangnam residents are disappointed, and believe that allegations like these undermine public confidence in the police force.

The Virtual Asset Joint Investigation Team was granted special dispensation to handle the case, despite the Gangnam District Prosecutors’ Office not being under the Southern District’s jurisdiction. This decision was made because the Southern District specializes in financial investigations, including those related to crypto assets. 

Several police and prosecution officers in South Korea have already faced trials for allegedly taking bribes in connection with a high-profile altcoin fraud case.

Thai Authorities Raid Illegal Bitcoin Mining Operation

Thai authorities raided an illegal Bitcoin mining operation in Ratchaburi, a town west of Bangkok, after numerous complaints from residents about persistent power outages. The raid was conducted on Aug. 23 and was prompted by an investigation that began after residents reported unexplained power failures that started in mid-July.

The Provincial Electricity Authority (PEA) and local police traced the source of the power drain to a single house being used for Bitcoin mining. The mining operation was installed by a company that rented the house for about four months. 

According to authorities, while the house’s electricity consumption was unusually high, the payments made for that electricity were suspiciously low. This means that the operators were stealing power to fuel their activities. 

No arrests were made during the raid; authorities believe the operators fled after realizing their activities had attracted law enforcement's attention. The investigation is still ongoing.

Illegal Bitcoin mining has become a growing issue in Southeast Asia, as operators are taking advantage of the region’s relatively low electricity costs to evade the high energy bills associated with crypto mining. In Malaysia, illegal mining operations stole an estimated $723 million worth of electricity between 2018 and 2023.

While Thailand has been relatively accommodating toward crypto activities, the Ratchaburi incident could change this. Despite implementing regulations to protect investors and maintain financial stability, the rise in illegal mining operations suggests a need for much stricter enforcement.