Latest Zipcy's SuperNormal News
Gimpey from Zipcy's SuperNormal team released the official details on today's hack incident.
"Update on how the hack occurred, and what happened. To revise my previous statement, it was not Joe who was hacked - rather Tron. It appears the bot invited a fake Joe, spoofing his Discord Username (and number). Gave this bot full perms over the Discord, so it looked exactly like Joe. And then used this fake Joe to create Webhooks, making it appear that Joe was hacked. I was eventually able to use the Audit Log to figure out that this fake Joe was invited to the Discord (by hacked Tron) early this morning. We've gone ahead and removed Tron for the time being, and are speaking closely with him to figure out next steps on his side. Unfortunately, these hacks are becoming more and more complex, both in terms of how the hackers gain access to accounts, and what they do once they have access. So please, do not put Founders (of any projects) on blast in these situations. They take it seriously, and I know Tron is taking personal responsibility over this matter. Please be mindful of the periodic security announcements we've been making. We can not say it enough, we will never hold a mint in this manner. Currently, it seems that ~15 users were affected. We're working with them closely to gather as much information as possible."
In a confirmed hack, there is now a post for a "free airdrop claim for everyone" in Zipcy's SuperNormal Discord.
The claim link does not direct to Zipcy's official website. Do not click any links until the team confirms the Discord is no longer compromised.
UPDATE: The team posted clarification on the hack:
"Joe was hacked. This specific hack involves webhooks, and bypasses 2FA (which all higher level roles here are enforced to have). The worst case scenario, was that Joe was the server owner. This made it so I couldn't do anything but try to delete messages and remove the webhook (which the hacker - through Joe) just kept adding back in. Joe is banned for the time being until we know his account is secure."