It asks you to verify by captcha and stuff, just to make it look legit and it shares a link as well I think, which no one should click without proper verification. Once that link is clicked, the metamask wallet opens and asks them to approve the application and once the user does that, BAM, their wallet gets hacked. It's as simple as that for those scammers. They don't care what a person goes through because of their actions. Recently I myself have been a target of some hacker group and lost 3+ BTC and other assets. I still get sad because of it... So please make sure not to click on scammy links and always store your crypto in a Hardware wallet. Thanks for reading. Stay safe.
I don't think approving would be able to hack the wallet but inputting your secret phrase would make it vulnerable to attacks for sure. Just be careful with that. Those hackers are expected to not care at all about the users that they are attacking. As long as their benefit from it, they wouldn't care at all.
This is a new insight for me, seems scamming scheme does keep evolving on Discord. @crwth, do you mind if you share the particular Discord server that you experienced regarding this issue or any server that you any aware of? The above comment seems to give a new explanation. It is probably that the hacker are keeping the Discord member list or utilizing the discord server newcomer bot, it is also plausible that the alleged scam site are from someone instead of directly from the server verification bot.
I joined the Enjin discord group. I'm not sure if the verification bot is compromised or something.
Never experience it myself but it is not that surprising. I mean, there have been cases like this since MetaMask become popular and some people never bothered to check whether a contract or request is malicious or not. I do get an invite to many scam groups though. It seems like Discord is really not that different from Telegram if we're talking about scammers' modus operandi.
If you are in multiple groups like signal groups or something. You would receive unsolicited DMs from bots saying that you have won X amount of ETH or BTC. That's the usual thing that scammers do or something.
I have joined a few discord servers and never asked that way just as you've experienced. That's already fishy when a website asks you to connect to your wallet even if it's not required at most times and it's just a discord or telegram channel.
And another red flag is when they've asked you about your private keys/recovery phrases. It's a total no-no and whoever owns that server surely knows what he's up to and that's likely why many folks have been hacked that they've never noticed, they're giving their seed phrases willingly not knowing that it's a type of hack or phishing.
That's the reason why I'm surprised to have that and asked here in the forum if you have experienced it yourselves with something similar.
lol thank you for this information. I just know that if hacker is starting to create scam bot to be used on discord as well. Shit this gonna be a problem for discord to remove such bot. Asking for recovery phrase and password have become a red flag if that discord server has been infected by scam bot. The creator is a scammer. im sure about this. The verification is having a purpose to confirm if you're not bot but not for asking that our wallet, password or even phrase.
Be careful what you browse and see. Never give out recovery phrases etc.
