Thank youThank youThank youThank youThank youThank youThank you
3 Likes
Thanks for pointing this out to us @Kabirraya - after discussing everything in more depth, my initial assessment of what happened is the following:
- Twitter shortens URL to discord invite (no idea why)
- Some scammer registers this new, shorter URL as an invite
- creates fake API3 discord, installs bot that makes a signature request “for verification”
- the signature request allows them to spend your tokens (in this case, BNB)
- your tokens are moved by the scammer to a wallet they control
I note a DAO member has already replaced the BNB you lost (to a different wallet address you control) as a gesture of appreciation for helping highlight this issue. I am not aware of any current needs API3 have to get users to sign messages using their wallet, so all of these should be considered scams. On the whole I would be wary of having to sign messages that aren’t readable and easily understood anyway
4 Likes