Earlier on, the Illuvium Discord server was hacked. Despite Illuvium’s swift response, the hackers were able to steal $150k from 41 wallets. Following the recovery of their server, they could not recover the stolen funds. In this regard, the game will be refunding the assets stolen during the Illuvium discord server hack.
Illuvium made this announcement via their official Twitter Handle. It also issues a form to that effect. Here are the details of the hack and subsequent compensation.
Details of the Illuvium Discord Server Hack
On the 31st of December 2021, the Illuvium discord server was compromised. Hackers were able to gain access to the account of a core Illuvium contributor. Once they did, they connected a rogue Discord webhook in the #jobs channel. In that channel, were impersonating an Illuvium bot and announcing a New Year NFT stealth mind.
In that announcement, they attached a fake website similar to the Illuvium NFT platform. Once a user authorizes the platform to gain access to their wallets, the attacker will steal their digital assets. They were able to steal $150k from 41 wallets. However, Iluuvium believes that not all these wallets are those of the hackers. It believes that some of these wallets are those of the hackers. The game is also advising Illuvians who interacted with smart contract to revoke the site immediately.
Once Illuvium became aware of this happening, Illuvium banned the compromised accounts. It also sent out warnings to members of its discord server. Their response team revoked the access of these accounts from accessing Illuvium’s internal systems.
Further Security Measures and Compensation for Lost Funds.
Following this discord server hack, the blockchain gaming outfit took further security measures. Besides stopping further damages, these rules will prevent further hacks on the community. Here are the some of the changes to its discord server:
- Pruning over 50K members, both inactive users and identified bad actors
- Removed the ability for new users and bots joining the community to see our users in the server, so they cannot instantly direct message them with scams
- Reducing the number of people who can tag @everyone and @ users on our server to the superadmins.
- Removing permissions from all users to generate webhooks except for superadmins.
- Revising all user and role permissions in the server, making it easier to manage and spot rogue permissions.
- Adding an additional compulsory entry point in the Discord server. Users entering the server must review our rules. This includes an important warning regarding common scams on Discord and how to avoid them.
As part of its “post discord hack prodecures”, Illuvians will receive the USDT equivalent of the stolen funds. This will be done directly to the accounts of the victims. To recover your funds, fill the Illuvium Discord Security Incident Compensation Application Form.