Last updated:
Journalist
Hassan Shittu
Journalist
Hassan Shittu
Share
Why Trust Cryptonews
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
On Wednesday, Virtuals Protocol, an AI-driven platform, experienced a major security breach, exposing its Discord server to unauthorized access and phishing attacks.
Hackers compromised Virtuals Protocol’s Discord server, while phishing links impersonating its official website surfaced on Google Search.
This incident came just days after the platform resolved a critical flaw in its audited smart contract.
How Hackers Exploited Virtuals Protocol’s Discord Server
The Virtuals team reported that the breach occurred after a private key belonging to one of the Discord moderators was compromised.
This granted the attackers unauthorized access to the messaging platform. The issue has since been resolved, with the server secured by the Virtuals team.
In addition to the Discord breach, cybersecurity firm Scam Sniffer identified three malicious links on Google Search impersonating the Virtuals Protocol website.
Users were warned to avoid interacting with these links and urged to verify official URLs before clicking.
Meanwhile, Virtuals Protocol addressed another major security concern earlier this month.
On January 3, the team fixed a vulnerability in its audited smart contract after security researcher @lj1nu identified the flaw in the platform’s token-launching mechanism on Uniswap V2.
The vulnerability stemmed from the AgentToken creation process, which used the Clones library to make token addresses predictable.
This predictability arose from the AgentFactoryV3 contract’s nonce. Additionally, the initialize function in AgentToken failed to check if a Uniswap pair already existed, risking transaction reverts and exploitation.
@lj1nu demonstrated the exploit risk using a Tenderly proof of concept. After publicly disclosing the flaw on X, Virtuals Protocol verified and patched the issue.
The fix includes additional validation steps to prevent similar flaws. The team apologized for the initial miscommunication, published the fix on BaseScan and GitHub, and relaunched its bug bounty program.
Phishing Scams and Private Key Breaches Dominate 2024 Crypto Security Threats
Phishing scams and private key breaches remain major concerns for blockchain and cryptocurrency users.
According to CertiK’s Web3 security report, phishing scams accounted for over $1 billion in losses across 296 incidents in 2024, cementing their status as the costliest attack vector of the year.
- Phishing incidents: $1 billion in losses across 296 incidents.
- Private key breaches: $855 million in losses across 65 incidents.
One particularly notable case in May saw a trader lose $68 million to an address-poisoning scam. However, the attacker returned the funds after 10 days, likely due to pressure from security firms.
Private key compromises ranked as the second-largest threat, causing substantial financial losses. CertiK cautioned that phishing tactics could evolve in 2025, influenced by advancements in AI.
Despite the threats, overall crypto hacking losses dropped by 52% compared to 2022, when $3.5 billion was stolen.
However, hacks still cost the industry $2.3 billion in 2024, a 40% increase from the $1.69 billion stolen in 2023, according to Cyvers.
