According to reports, the Axie infinity’s Discord Bot has now been hacked in yet another exploitation of the renowned play-to-earn nonfungible token game. The gaming venture announced this development in a tweet relayed through its official handle on Wednesday. As revealed, this exploitation on Axie Infinity’s Discord platform consequently led to malicious access to its MEE6 bot.
The MEE6 manifested as a prominent Axie Infinity’s Discord Bot which functions as a technique for digitalizing messages and roles. More so, the MEE6 is overtly employed by series of crypto ventures. Now, as reported, the scammers employed the vulnerable bot as an enabler to secure unauthorized permissions into a clone Jiho account. Afterward, they proceeded to relay an untrue announcement as regards a mint via the account.
As an effort geared toward neutralizing the threats by the attackers, the developers of the server immediately removed the compromised MEE6 bot from the main server. Also, the developers deleted the fake announcements already relayed by the scammers. Now, the venture feels many of its subscribers may still see the deleted announcements and thus warned them against falling for it.
According to the developers, the security breach on the Axie Infinity’s Discord Bot MEE6 has also occurred to many projects. The developers feel such usually manifests in the virtual space. Although, as at press time, the MEE6 Discord Support Channel still debunked the claim of a hack on its server. The channel vehemently averred that it received confirmation from its engineers, denying an occurrence of such exploitation.
As reported, the attackers first exploited the accounts of the admin before securing access to the alternate admin. With this, the attackers successfully relayed fake announcements, obscuring the account of the exploited administrator.
How Axie Infinity Ronin Bridge endured its previous security breach
This attempted exploitation, however, comes just within few weeks that its Ronin Bridge suffered its biggest hack. The network as reported lost about 173,600 ether and $25.5 million USDC, amounting to $600 million to the exploitation.
A Post-Mortem report traced the genesis of the hack to 2021 when Sky Mavis asked Axie DAO to send free transactions owing to the large user load. Consequently, the Axie DAO whitelisted Sky Mavis to approve various transactions on its behalf till December 2021.
The report further that AXIS DAO failed to revoke the permitting access after the termination of the partnership. The attackers thus spoofed the account of a former employee of Sky Mavis. As revealed, the attackers compromised the details secured from the spoofing to exploit 4 validator nodes.