Axie Infinity, the popular play-to-earn nonfungible token game, faced another attack on its Discord server earlier on Wednesday, leading to a compromise of its MEE6 bot.
MEE6 is a popular discord bot mainly used for automating roles and messages and is used by numerous crypto projects. The attackers used the compromised bot to add permissions to a fake Jiho account, and later issued a fake announcement regarding a mint.
The developers managed to remove the compromised MEE6 bot from the main server and deleted the fake messages as well. However, the official Twitter account of the project warned that many users might still see the fake message until they restart their Discord.
2/ The announcements have been deleted but some users may still see the message until they restart their Discord.
We have removed the Mee6 bot from the server and will never do a surprise mint.
— Axie Infinity (@AxieInfinity) May 18, 2022
The developers also claimed that the compromise of MEE6 is not a new phenomenon and many projects have faced similar issues. However, the official MEE6 Discord support channel denied allegations of a hack and claimed they have verified with their engineers and didn’t see any unusual activity.
Many believe that the hackers compromised the admin accounts first and then got access to the alternate admin account using MEE6. This helped them to send out webbook messages while hiding the compromised administrator account.
The Discord bot compromise comes within a month of one of the biggest heists on Axie Infinity’s Ronin bridge resulting in a loss of over $600 million worth of crypto assets. The recent slew of security breaches has brought down the confidence of the community in the game, which was once seen as a revolutionary project for the gaming world.