Justin Kan’s NFT platform suffers rocky debut as scammer makes off with $150k in user funds


Lucas Matney

Despite billions in VC investment, many Web3 crypto platforms are still pretty hostile places for users new to the crypto world.

Case in point: today Justin Kan’s NFT platform Fractal suffered a security breach when a scammer hacked the announcement bot for the startup’s Discord, which then sent out a fraudulent link to the platform’s more than 100,000 users, urging them to pay up for a new NFT. The message promised users access to 3,333 commemorative NFTs designed to celebrate the platform’s success, but the link was faked with a URL for fractal.is that swapped an “i” for the “l”, taking users to a minting site where their funds were taken and they received nothing in return.

Well, @justinkan's @fractalwagmi is going well…


Their actual Discord Bot was hacked encouraging people to mint 3333 NFTs for 1 Solana (worth $177 each).

But the link is to Fractai, not Fractal… 3294 just lost nearly $600,000 combined. pic.twitter.com/mnSaa0wOnp

— Zach Bussey (@zachbussey) December 21, 2021


All said, it looks like the scammer actually made off with about $150k. The hack took place before the startup ever even launched its platform, which was scheduled to debut this week. The startup, which is backed by Kan’s GOAT Capital fund, has already pledged to pay back users, tweeting that “If you lost your Sol – we will reimburse you. We will announce further updates soon.”


We’ve reached out to Fractal for further comment.

These attacks aren’t particularly unusual; incidentally, another Solana-based project called Monkey Kingdom was hacked just hours earlier for more than $1.3 million worth of the cryptocurrency. That both attacks took place over Discord suggests that the chat platform also has some work to do when it comes to authenticating users.

Fractal seemed to be aware that such an attack, which has already plagued a host of other NFT-centric Discord projects, was possible, if not likely. On Friday, the team set up an “anti-scam” channel in their Discord for users to flag bad actors, with a team member noting that Fractal “will NEVER ask for you to send funds to any address, and there’s NO google form to fill out,” and furthermore that users should “double check spelling of any links you see.”

While Fractal’s team seemed to be looking to coach their users in the right direction, the broader issue is that the underlying incentive structure of the NFT market tends to discourage users from engaging skeptically: drops sell out so quickly, and there’s a culture of seizing on any and every opportunity, which can be dangerous for less seasoned crypto buyers.

working on one of SOL's biggest airdrops rn

making history

— fractal ❄ (@fractalwagmi) December 15, 2021