As you are probably aware by now, our Discord server was compromised at around 3am UTC on the 2nd of February. One of our high ranking mods unfortunately fell victim to a scammer who compromised his account, subsequently the scammer banned people, removed chat channels and posted an announcement of a fake mint through a fraudulent website.
The hacker managed to trick a small number of people into purchasing through their fake link, before control was taken back. Considering the size of our community at the time, it’s a testament to the support you gave each other early on and the fast actions of some fantastic community members, other projects and ourselves which helped warn others of the scam and subsequently shut it down.
As the founders of the project we are absolutely devastated by what has happened and regardless of the frequency and how common these attacks are now occurring in the NFT space, we thought we were keeping you safe. We built our community on trust and we feel we let you down on that.
With that said we firmly see this as an obstacle Jurassic Punks and you the community must overcome, we absolutely will push through this and come back stronger than ever together. This has not changed the huge plans we have in the space, nor has it put us off delivering on everything we have set out to do, if anything your voices of support have made us even more determined.
It really pains us that people in our community were caught out by this hack so we will be refunding any legitimate wallets affected by this scam. Please be patient as we work through this as it may take a few days for us to process and organise, but rest assured we will make sure those affected are compensated.
How it Unfolded.
One of our senior Mods was targeted with a scam that is becoming far too common in the NFT community. He was socially engineered to click a link in his DMs that gave away his Discord Token, once that had happened the hacker had full control over his account and could post anything he wanted and look believable. From there they closed all open chats and posted in every official announcement channel the link to the fake mint.
The scam unfolded early our time and caught us unaware, something we believe to be very intentional, to hit us at a time when we were asleep with only mods, with limited permissions, online.
Luckily the community and some amazing projects we are collaborating with got in touch with us almost immediately and we were able to quickly revoke the hackers mod controls and remove the link. However at 4am the decision was made to terminate the server to ensure the community’s safety.
Security is now a major priority for us so there are numerous things we are doing to ensure a safe space for our community.
- We are completely rebuilding our server, updating the hierarchy of roles and bringing on a 3rd party security advisor to maintain the safety of our Discord and its users.
- DMs will be permanently turned off for everyone, we will be looking at alternate ways to safely receive any communications for support, collaborations and any other contact needed.
- Although we had mods on 24 hours a day we are now making sure that users with enhanced permissions are online and keeping a watchful eye on the community 24/7.
- Over the next few days we will be verifying the wallets of those who were victims of the scam and refunding them. This may take us a few days to do but be confident in knowing we will get to you all and make sure you are taken care of.
Above anything, this has taught us the power of the JPunks community and the strength we have when we work together as one. We have been really overwhelmed with the support you have given us and we will continue to earn that through our actions and quality of work.
We will keep pushing forward with Jurassic Punks and nothing has changed in our plans or the scope at which we want to implement them. We firmly believe that we have something unique in the space and we will fight to make sure we achieve it and give you the best experience possible.
All we ask from you is to keep doing what you have been doing, support each other and keep each other safe. Be careful with who you are communicating with and if in doubt do not respond to anyone you do not trust as chances are it’s a scam. Anyone who interacted with the fraudulent mint webpage should remove it from their connected sites list, revoke any permissions or for complete safety move any assets out of the affected wallet and into a fresh one.
In return we will keep building, keep sharing and keep making sure we are creating the safest possible space for you all.
This is just the beginning.