Almost a month after the project was hit with a Discord scam attack, Illuvium has finally initiated the process to refund its affected users, according to an announcement made late in January 2022.
Illuvium estimates up to USD $150,000 worth of funds and assets were stolen during the attack through the use of infected webhooks and Discord bots.
According to a detailed report, Illuvium states that the Discord account of one of its contributors was compromised, giving the attackers access to, and control over, some major functions within the Illuvium Discord channel. This allowed the attackers to set up webhooks and bots to create fake announcements regarding a “New Year NFT stealth mint” event, which led users to a fraudulent website.
Users who were tricked into clicking the link had their information phished and their funds transferred to the attackers’ wallets. While Illuvium was able to lock down the compromised account before it could do more extensive damage, 41 users were reported to be already affected, with their funds and accounts compromised.
In response, Illuvium made major changes to rules and guidelines within their Discord community, pruning inactive members as well as changing bot behavior and permissions to help minimize the chances of the same attack happening in the future.
As part of the refund process, affected users must first fill out a form posted on Illuvium’s official Twitter account and wait for Illuvium to verify their claim before getting the refund. Refunds will be made in USDT, not in the original currency that the affected users may have lost during the attack, but Illuvium states that it will match the equivalent amount or value.
As mentioned previously, we will be reimbursing those who lost their funds in the Discord scam that occurred 31st December 2021 PT. All affected users need to complete this form to claim their compensation: https://t.co/qk0D9WnsHV
— Illuvium (@illuviumio) January 31, 2022
Together with the refund process and the updates to its Discord channel’s security, Illuvium also states that it will be reviewing and revisiting security practices across all of its teams, and holding account security training for all of its employees on a regular basis.