- The Avalanche and ZKsync Discord servers were compromised within 48 hours of the Polygon incident.
- Attackers shared malicious links promising free tokens and exploited both communities.
- Avalanche resolved its issue within an hour, while the ZKsync breach remains unconfirmed and unresolved.
Over the weekend, the blockchain community was shaken by a wave of Discord compromises that began with Polygon and quickly spread to Avalanche and ZKsync. These incidents involved the distribution of malicious links that promised fake token giveaways, highlighting a growing trend of security breaches targeting cryptocurrency projects. Such attacks not only erode trust but also expose users to substantial financial risk.
Phishing links circulated after Avalanche Discord compromise
On August 25, the official Avalanche Discord server was compromised and attackers posted fraudulent links claiming to offer free AVAX tokens. Avalanche’s official account immediately warned users not to interact with or click any links shared on the affected server. Community screenshots revealed the nature of the scam, which promoted fake “distribution” schemes for AVAX tokens. The Avalanche community lead, Ben Well, reported that the issue was identified and resolved within an hour and the team worked to restore normal server operations. Despite the fast response, the incident raised concerns about how vulnerable large blockchain projects remain to similar exploits.
ZKsync Discord hit by a simultaneous attack
Soon after the Avalanche breach, the ZKsync Discord server experienced a related incident. Roughly an hour after Avalanche was compromised, ZKsync’s Discord was also targeted. Attackers used the same tactic of posting deceptive links, this time promising free ZK tokens through a bogus “round 2 airdrop” scheme. While ZKsync has not publicly detailed an official response on social media, several team members acknowledged the issue on their Discord channels. The lack of a clear, centralized communication about the exploit has left uncertainty for some community members.
Discord attacks on crypto communities are on the rise
The recent breaches affecting Polygon, Avalanche and ZKsync are part of a troubling pattern of high-profile Discord compromises within the crypto space. On March 25, 2023, CertiK disclosed a phishing scam on Arbitrum’s Discord that abused a compromised developer account to distribute a malicious link. Similarly, on May 5, the Gnus.AI network suffered a Discord-related breach that resulted in a $1.27 million loss. This sequence of incidents underscores a concerning trend of coordinated attacks targeting prominent blockchain platforms. Phishing schemes and fraudulent token drops not only place individual users at risk but also threaten the credibility and security of the projects involved.
As these events show, maintaining secure channels and rapid, transparent incident response is critical for crypto communities. Users should exercise caution: avoid clicking unsolicited links, enable two-factor authentication, verify announcements through official channels, and report suspicious activity to moderators. Strengthening operational security and communication can help mitigate the ongoing threat of social engineering attacks on community platforms.