The attack worked by compromising the Discord account of a moderator, a core-team member and early investor who goes by Lyons800. They detailed the angle of attack in a Twitter thread the following day. First, the attacker posted a doctored screenshot showing a conversation with Lyons800 in another Discord server, claiming that he was scamming people there. Lyons800 offered to prove it wasn’t him and got on a voice call with the scammer, who convinced the moderator to let them inspect their console. From there, the scammer obtained Lyons800’s Discord authentication token that let them hijack the account. In a tweet, Lyons800 described this as “a ridiculous security breach from Discord.” From here, the scammer launched a webhook attack to exploit CityDAO and BaconDAO — a group that describes itself as an “investors guild” that educates its members — where Lyons800 is a co-founder. Webhooks are best thought of as tools that connect Discord servers to other websites, and are often used to send automated messages and updates.
Read more of this story at Slashdot.