On Wednesday, Virtuals Protocol, an AI-driven platform, experienced a major security breach, exposing its Discord server to unauthorized access and phishing attacks. Hackers compromised Virtuals Protocol’s Discord server, while phishing links impersonating its official website surfaced on Google Search. This incident came just days after the platform resolved a critical flaw in its audited smart contract. How Hackers Exploited Virtuals Protocol’s Discord Server The Virtuals team reported that the breach occurred after a private key belonging to one of the Discord moderators was compromised. This granted the attackers unauthorized access to the messaging platform. The issue has since been resolved , with the server secured by the Virtuals team. Update: One of our Discord mods had their account compromised. The incident is now resolved. https://t.co/E1Z0y5IQXl — Virtuals Protocol (@virtuals_io) January 8, 2025 In addition to the Discord breach, cybersecurity firm Scam Sniffer identified three malicious links on Google Search impersonating the Virtuals Protocol website. Google's really outdoing itself—now showing THREE phishing ads impersonating Virtuals Protocol (up from one)! Scammers are paying Google bucks to steal your crypto. Pro tip: If you enjoy losing assets, click those top search results and connect your wallet! Stay safe,… https://t.co/RG4Io0JIyO pic.twitter.com/4klK3PdsjX — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 8, 2025 Users were warned to avoid interacting with these links and urged to verify official URLs before clicking. Meanwhile, Virtuals Protocol addressed another major security concern earlier this month. On January 3, the team fixed a vulnerability in its audited smart contract after security researcher @lj1nu identified the flaw in the platform’s token-launching mechanism on Uniswap V2. The vulnerability stemmed from the AgentToken creation process, which used the Clones library to make token addresses predictable. This predictability arose from the AgentFactoryV3 contract’s nonce. Additionally, the initialize function in AgentToken failed to check if a Uniswap pair already existed, risking transaction reverts and exploitation. @lj1nu demonstrated the exploit risk using a Tenderly proof of concept. After publicly disclosing the flaw on X , Virtuals Protocol verified and patched the issue. The fix includes additional validation steps to prevent similar flaws. The team apologized for the initial miscommunication, published the fix on BaseScan and GitHub, and relaunched its bug bounty program. Phishing Scams and Private Key Breaches Dominate 2024 Crypto Security Threats Phishing scams and private key breaches remain major concerns for blockchain and cryptocurrency users. Phishing was the priciest attack vector in 2024, accounting for nearly half of the $2.36 billion total loss, according to @CertiK . #phishing #cryptoscam #blockchainsecurity https://t.co/8hhIXxKJh3 — Cryptonews.com (@cryptonews) January 3, 2025 According to CertiK’s Web3 security report , phishing scams accounted for over $1 billion in losses across 296 incidents in 2024, cementing their status as the costliest attack vector of the year. Phishing incidents: $1 billion in losses across 296 incidents. Private key breaches: $855 million in losses across 65 incidents. One particularly notable case in May saw a trader lose $68 million to an address-poisoning scam. However, the attacker returned the funds after 10 days, likely due to pressure from security firms. Private key compromises ranked as the second-largest threat, causing substantial financial losses. CertiK cautioned that phishing tactics could evolve in 2025, influenced by advancements in AI. Despite the threats, overall crypto hacking losses dropped by 52% compared to 2022, when $3.5 billion was stolen. However, hacks still cost the industry $2.3 billion in 2024, a 40% increase from the $1.69 billion stolen in 2023, according to Cyvers . The post Virtuals Protocol Discord Server Hacked, Fake Links Spread appeared first on Cryptonews .
