MEE6 Employee Account Compromised, Technical Systems Not Breached
Update: MEE6 confirmed in a later statement that an employee's account was compromised, allowing unwanted messages to be placed in Discords that had the MEE6 bot installed. There was no breach of the MEE6 bot or MEE6 technical systems.
Late on Tuesday night, multiple NFT Discord communities - like PROOF and RTFKT - were temporarily compromised.
The source of the compromise was initially reported to have been the MEE6 bot, a popular Discord addition that enables communities to create custom commands and more.
However, as of early Wednesday morning, the MEE6 team is insisting there was no security breach of the MEE6 bot.
Thank you for your trust in our brand.
I'm pleased to announce that MEE6 has NOT been hacked.
We take our security very seriously by always implementing the most top-notch security technologies available in the industry.
This way we keep your data secure!
~MEE6 Team
— MEE6 (@mee6bot) May 18, 2022
So What Happened and Who Was Affected?
Details are still emerging about exactly how each Discord was compromised, but many theories are circulating on Twitter and many remain skeptical that MEE6 was not compromised.
One such skeptic is Serpent, the founder of Sentinel, a Discord and crypto threat mitigation system. Initially, as details rolled out on Tuesday night, he indicated that while it may be true the MEE6 bot was not hacked, something else must be awry.
He went on to say that, absent proof of compromised administrators, it would not be surprising if the attacks turned out to be the result of bribery.
But then more reports of compromised communities kept coming out.
At the time of writing, the following NFT communities have confirmed they were affected by last night's security breach. There are many others not listed.
- PROOF/Moonbirds
- RTFKT
- Cool Cats
- Alien Frens
- Phantom Network (PXN: Ghost Division)
- Axie Infinity
Since learning more about the widespread nature of this attack, Serpent has changed his tune.
I'm leaning towards MEE6 being compromised. Too many high profile servers being hacked.
— Serpent (@Serpent) May 18, 2022
Other security-focused Twitter users have suggested that, while it may be true that MEE6 has not been compromised, the hacks are the result of compromised Discord moderators or administrators.
After a community's administrator is compromised, the hacker can use MEE6 features to post messages and fake links into the Discord communities.
Here's one potential example shared by Twitter user 777Skits:
1/8🧵thread time:
"MEE6 Hack" &
"New Account Hacking Method"
The recent discord hacks utilizing MEE6 and compromised admin accounts:
New account hacking method below:
— Skits (@777Skits) May 18, 2022
The thread goes into great detail about advanced social engineering that tricks unsuspecting users into providing their Discord token to the hacker.
The token acts as a key, allowing the malicious actor to bypass two-factor authentication and other security measures and use the Discord account freely.
How Do You Stay Safe?
Until more clarity is provided regarding the circumstances of the attack, the best way to stay safe as a Discord user is to not click any unknown links in any Discord communities that have confirmed they were compromised.
Additionally, Discord servers or communities should consider deactivating or removing permissions from the MEE6 bot at this time.
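As an added example (not from the original article, MEE6 or Discord), one way for a server owner to review which roles hold permissions worth removing is to decode each role's permission bitfield. The role data below is a constructed sample, the choice of which permissions count as risky is an assumption, and the function names are hypothetical.

```python
import json

# Discord permission bit flags, as documented for the role "permissions" bitfield.
PERMS = {
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

# Constructed sample in the shape of Discord role objects: "permissions" is a
# decimal string, "managed" is true for roles owned by a bot or integration.
SAMPLE_ROLES = json.loads("""[
  {"name": "@everyone",   "permissions": "68608",     "managed": false},
  {"name": "Moderator",   "permissions": "139270",    "managed": false},
  {"name": "Example Bot", "permissions": "8",         "managed": true},
  {"name": "Helper Bot",  "permissions": "805324800", "managed": true}
]""")


def risky_perms(permissions):
    """Return the names of the risky flags set in a permission bitfield string."""
    bits = int(permissions)
    if bits & PERMS["ADMINISTRATOR"]:
        # ADMINISTRATOR grants every permission, so the other flags add nothing.
        return ["ADMINISTRATOR"]
    return [name for name, flag in PERMS.items() if bits & flag]


def audit(roles):
    """List roles holding risky permissions, bot-managed roles first."""
    findings = []
    for role in roles:
        risky = risky_perms(role["permissions"])
        if risky:
            findings.append({"role": role["name"],
                             "managed": bool(role.get("managed")),
                             "risky": risky})
    return sorted(findings, key=lambda f: (not f["managed"], f["role"]))


if __name__ == "__main__":
    for f in audit(SAMPLE_ROLES):
        kind = "bot/integration" if f["managed"] else "human-assigned"
        print(f"{f['role']:<12} {kind:<16} {', '.join(f['risky'])}")
```

Roles reported as bot/integration are the ones the advice above applies to; human-assigned roles with the same flags matter too, since a compromised administrator or moderator account inherits them.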
To stay safe and learn about other potential attack vectors in Discord or on Twitter, refer to our article on the top five NFT scams from this year.
Plus, in our stay safe from scams article, we go over some best practices about how to avoid Discord direct messaging scams and more.
This story is still developing. As Lucky Trader learns more, we will update the article.