This morning we unfortunately found out that a Discord server or a user account of a mod/admin on the server was hacked. Unfortunately it has caught here Leofinance and our valuable member @anomadsoul . How the hack came about can't be described at this point, but I think @anomadsoul will make a statement about it. But one thing is clear - this is not the first phishing attack on Leofinance users and fortunately all of them have been averted so far, because you, the community, surf the net with careful eyes and warn other members quickly and effectively! Many thanks to the great community, who reacted quickly and warned the users in many places.
What remains?
What remains is less trust, which we all have when it comes to promotional actions, and a quite destroyed Discord server, which was the starting point for many thousands of users. The work in a Discord server and its community is very big and requires some knowledge. I would like to encourage the @leofinance team not to be discouraged by this setback, but to take it as an opportunity to rebuild the Discord server and take basic security measures to prevent such a perfidious attack from happening again.
Actions from the community
I myself visited the website with the scam but when visiting the site normally I guess there was nothing serious about it. Of course, I did not blindly connect my wallet and take further steps. Since I did see through the scam quickly, it was easy to find out where the domain/server is hosted . I sent as soon as possible to Hostinger a request for abuse which was processed very promptly. Also other community members submitted the Abuse reports and were able to get the hoster to shut down the website the scammer sent for his fake airdrop.
We have seen this kind of behavior more and more often in the past - So the hosters used by scammers react quickly and shut down websites. Many thanks go to the Abuse team at Hostinger!
Financial damage?
Yes, there is currently only one known case, and that from my circle of acquaintances, who actually fell for the scam. The financial damage is about 45 US dollars at the current time. The user (name I do not want to publish here) has quickly realized that it was wrong but very much sees his mistake, sees it as an apprenticeship and was also the first scam ever that he fell for. The financial damage remains within limits.
Was the scam successful?
I'll say no. The amounts the scammer took in through his scam are quite manageable. Let it be at just under 100 US dollars. Costs for the domain, hosting, setting up the fake smart contracts (https://etherscan.io/address/0x00000f312c54d0dd25888ee9cdc3dee988700000 + https://bscscan.com/address/0x00000f312c54d0dd25888ee9cdc3dee988700000) and the time to create the scam webpage are probably higher than the sums taken by the scammer. At this point a big middle finger in the direction of the scammer!
What happens next?
I expect at least from @anomadsoul an explanation about how the whole thing could happen. I expect admins as well as members who have moderation roles to install and set up 2-factor authorization. I would like to see the @leofinance server rebuilt.
Thank you!
Thanks to those who reacted quickly, redistributed these messages about the fake airdrop and gave their possible within their communities to warn as many people as possible about the scam. This thanks is due to you!
Let's learn from this together - Always be careful on the Internet - If a gift is too good to be true, please question it and do not blindly click on it.
Lets start over.
Vote for my Hive Witness
U can vote for my Witness using Hive Keychain here: https://vote.hive.uno/@louis.witness
Vote for my Hive Engine Witness
Vote for my Witness on Hive-Engine using Primersion Tool: https://primersion.com/he-witnesses Enter your Username and search for louis.witness
Hey Louis! Thanks for this thorough post, voted!.
We do have 2FA and more than a few security measures but the way the hacker got through actually ignores 2FA. It was done in a very smart way but thankfully the community responded in an outstanding way and all we need to do is rebuild the discord server (yikes). Thanks for your quick response and for helping us get the site down and spreading the word, we won't let this slow us down on our way to adoption both for Leo and for Hive.
I hope to see you in September!