- Cardano DeFi protocol Liqwid Labs’ Discord server is compromised.
- Hackers promoted ADA airdrops.
- Liqwid Labs and community members were quick to act.
Hackers continue to run rampant in 2023. After stealing over $100 million in April and over half a billion dollars over the year, there are no signs of scams and attacks slowing down.
In the latest attack, Liqwid Labs, a DeFi protocol operating on Cardano, fell prey to malicious actors who have taken over the company’s Discord server.
Liqwid Discord Compromised
On Thursday, May 11, Cardano DeFi protocol Liqwid Labs reported that hackers compromised their Discord server. The company warned users only to click links or engage with the forum once they resolved the issue.
While the server was compromised, malicious actors promoted fake Cardano (ADA) airdrops on different channels via Liqwid Labs’ admin accounts. They also instantly banned community members who alarmed others about the scam. However, despite their nefarious efforts, community members warned everyone, including developers, about the issue.
At press time, Liqwid Labs has regained access to its Discord. The DeFi protocol shared that it plans to implement better security measures, such as switching to a dedicated “cold admin” account for server administration. This will remove admin privileges on user accounts for existing admins, decreasing the risk of such incidents again.
The hack wasn’t extraordinary or sophisticated; instead, it is common in the industry.
What Happened and How to Stay Safe
The cryptocurrency sector is plagued with hackers and scammers looking for their next victim. Most malicious actors rely on phishing crucial information from users to gain access. Such is the case with the Liqwid Labs.
An admin’s user token working at DeFi protocol clicked a malicious link, which resulted in hackers gaining access to the account. The actors bypassed two-factor authorization (2FA) and other security measures by compromising the token.
Such hacks are widespread, so here are a few tips on how you can steer clear of them:
- Protect your recovery phrase by keeping it somewhere private.
- Double-check links, websites, and emails. Refrain from clicking any link unless it’s from a verified source. If the verified source has been compromised, take up the issue with other users and look for warnings and red flags.
- Ask for help from officials, and prioritize your safety and security.
- Verify and scan all addresses, such as contract, sender, and others, before doing anything permanent.
- Report any suspicious activity to the concerned departments as soon as possible.
- Set up additional security layers, such as two-factor authentication.
- Always do your own research.
On the Flipside
- An ongoing unidentified wallet-draining hack has stolen over 5,000 ETH or approximately $10 million from reasonably secure users.
- Hackers have been hacking AT&T emails to bypass 2FA measures and steal users’ cryptocurrencies.
- In April 2023, hackers successfully stole over $100 million from users, bringing the total year-to-date crypto scam-related loss to almost half a billion dollars.
Why You Should Care
Hacks are still prevalent in the crypto sector and rising by the day. Users should Liqwid Labs’ incident take as a warning call and set up necessary security measures to protect themselves.
Read how Hackers are stealing crypto from AT&T users:
Hackers Steal AT&T Users’ Crypto Assets by Exploiting Their Emails
Talking about security, Microsoft and other leading firms are working on a new blockchain:
What is Canton Network? Microsoft, Goldman Sachs, Others’ New Blockchain