Security

People Building 'Blockchain City' in Wyoming Scammed by Hackers (vice.com) 53

CityDAO -- the group that bought 40 acres of Wyoming in hopes of "building a city on the Ethereum blockchain" -- announced this week that its Discord server was hacked and members' funds were successfully stolen as a result. From a report: "EMERGENCY NOTICE. A CityDAO Discord admin account has been hacked. THERE IS NO LAND DROP. DO NOT CONNECT YOUR WALLET," the project's Twitter account declared. CityDAO is a "decentralized autonomous organization" that hopes to collectively govern a blockchain city, offering citizenship and governance tokens in exchange for the purchase of a "land NFT" bestowing ownership rights to a plot of land. Like many other cryptocurrency, NFT, and DAO projects, CityDAO's community lives on Discord, a popular service chiefly designed for gamers but which has become an indispensable part of the crypto ecosystem. On Discord, CityDAO issues announcements, updates, answers questions, hosts a community, and issues alerts for "land drops," or opportunities to buy NFTs that represent parcels of land.

The attack worked by compromising the Discord account of a moderator, a core-team member and early investor who goes by Lyons800. They detailed the angle of attack in a Twitter thread the following day. First, the attacker posted a doctored screenshot showing a conversation with Lyons800 in another Discord server, claiming that he was scamming people there. Lyons800 offered to prove it wasn't him and got on a voice call with the scammer, who convinced the moderator to let them inspect their console. From there, the scammer obtained Lyons800's Discord authentication token that let them hijack the account. In a tweet, Lyons800 described this as "a ridiculous security breach from Discord." From here, the scammer launched a webhook attack to exploit CityDAO and BaconDAO -- a group that describes itself as an "investors guild" that educates its members -- where Lyons800 is a co-founder. Webhooks are best thought of as tools that connect Discord servers to other websites, and are often used to send automated messages and updates.

  • by ffkom ( 3519199 ) on Friday January 14, 2022 @05:11PM (#62173711)
    ... to build anything, using the oh-so-common excuse "it was hackers!"? Congratulations, that is the crypto-scam mastery we all want to see.
    • In this case, I'd say more of a sod [wikipedia.org] pull ... :-)

    • ... to build anything, using the oh-so-common excuse "it was hackers!"? Congratulations, that is the crypto-scam mastery we all want to see.

      Somehow it does not surprise me that a group of people who wanted to build a blockchain community got hacked. Idiot optimists are prime targets for scammers of all sorts. They will believe anything you tell them.

  • by fermion ( 181285 ) on Friday January 14, 2022 @05:22PM (#62173743) Homepage Journal
    At least I think it is. That means that we are not citizens of a city, but of a country. Unless they are building a totally self funded gated village, or plan to secede from the Union, there is no need to buy a plot to access public areas. California attempted to restrict access, for instance by prosecuting persons who transported vagrants across state lines, but those were ruled unconstitutional mid 20th century. Likewise, deed restrictions were in place to limit residency by race until the late 20th century but those were also deemed unconstitutional. This is a land scam, which the west is well known for. Instead of a cozy office with fancy models of the transformed desert, they have a fancy website with fancy sounding language.
    • Maybe you've never heard of the city of Irvine, CA [wikipedia.org], entirely owned and operated by The Irvine Corporation [wikipedia.org].

    • by splutty ( 43475 )

      You're thinking people would actually build real things on real land? This is 'blockchain crypto bullshit bingo bla bla' we're talking about.

      So it'll be NFTs of pictures of houses built on the NFTs of the pictures of the plots of land they're supposedly 'buying'.

    • by BrainJunkie ( 6219718 ) on Friday January 14, 2022 @05:50PM (#62173813)

      there is no need to buy a plot to access public areas

      There are plenty of BLM parcels that can be accessed only from private land. There is a court case going on right now, in Wyoming even, where hunters are being charged with trespass [backcountryhunters.org] for walking from one corner of a BLM parcel to another. Without owning adjoining land this is the only way to access many otherwise "public" lands in the Western US [trcp.org].

      • The possibility of not being able to obtain access to land you "own" is pretty ridiculous, but it's real. I once looked into this on some "cheap" land and drew the conclusion that even if you have a good lawyer, you may not be able to obtain access to what you "own". You are at the mercy of whoever owns the route you need to traverse, and they are under no obligation to give in at any reasonable price. In theory the government can solve this with eminent domain, but even that can take forever and fail w

        • There is such a thing as "easement by necessity." I am not a lawyer. Maybe it is difficult to establish such a thing in practice. But it sounds like it would be applicable to landlocked parcels.
          • IANAL either; but having read some, I found that their definition of "necessity", does not include the need to make the land usable if it's already land-locked. This article [incorporated.zone] seems to imply that if you don't obtain the easement when the land is subdivided, you no longer have the "easement by necessity".

            As a non-lawyer, I find the language to be really weaselly and over-weighted in favor of those who it seems ought to have to give up the easement. I read another case where somebody cut off the end of a cul-

            • This is of course OFF TOPIC for the thread... but I find it interesting, so I am going to jump in :)

              In the first case where a person buys a land locked inaccessible piece of property - you mention that someone "ought to have to give up the easement". I don't see why they should. One person made a (bad?) decision to purchase land. That should not obligate someone else to give up their land. Why give up the right to control access to and privacy of their property because someone else made a purchase of a

      • Is that kind of like the tricks they use to keep the poors off public beaches? I seem to remember there was a billionaire who basically cordoned off a public beach for himself and then bought off the city to keep doing it. You could technically enter the beach but good luck getting anywhere near it
    • The United States is a federated nation. You are both a citizen of a country, and citizen of the state in which you reside. Each state also has its own Constitution. And for the most part States and Federal government have overlapping jurisdictions with the State taking precedence in many cases. When the media reports on the work done by the Judicial branch, it is essentially to arbitrate between State and Federal jurisdiction. And examine the power of the legislature as expressed through State law and Stat

    • Welcome to the Wild West! We don't need no stinkin' regulators. No two-party authentication. No messy rules on safeguarding valuables of our customers. Why waste time with safeguards when we can set up single-point-of-failure systems and save lots of money!
    • by hey! ( 33014 )

      Technically the smallest enclosing sovereign entity would be the state of Wyoming, which in turn is enclosed in the larger sovereign entity of the US. This kind of joint sovereignty is possible because in theory the distribution of power established by the US Constitution follows the MECE principle: Mutually Exclusive, Collectively Exhaustive.

      Because of the "collectively exhaustive" property inferior government units like counties, municipalities, and special taxation districts are creatures of the state.

  • by Anonymous Coward

    best possible outcome

  • by Anonymous Coward
    it is your own damn fault. Enough people have sounded warnings and pointed out it's a ponzi.
    • What if the Dunning-Kruger effect has led me to believe I'm smarter than everyone else? At the very least this should be a forgivable social disability. I mean what's unreasonable about wanting an unregulated, decentralized currency without government meddling but also have the government step in to stop fraud and robbery?

      • What if the Dunning-Kruger effect has led me to believe I'm smarter than everyone else?

        Then you're at the Dunning-Kruger Peak for understanding what the Dunning-Kruger effect is.

  • A key ingredient was the social hack. Well done for a hack. Nasty.

    But if you're buying 40 acres somewhere, there has to be some significant funds involved, no? And if you want to build a city out of thin air, with some newfangled blockchain currency thing (a very stupid idea IMHO), wouldn't you want to establish a watertight, service independent crypto-hardened auth/auth/ident system for rock-solid accountable and trackable transactions and fund management first? Seems logical to me.

    The root of the problem

    • by coop247 ( 974899 )
      "I do hope they can trace and catch the fraudsters though."

      Hello police, I willfully handed my magic beans over to the wrong hash address, can you help.
  • by 93 Escort Wagon ( 326346 ) on Friday January 14, 2022 @05:32PM (#62173771)

    And a mule?

    Kidding aside - 40 acres is the size of one small family farm. How's a city supposed to fit in there?
     

    • Kidding aside - 40 acres is the size of one small family farm. How's a city supposed to fit in there?

      Those "land NFTs" people purchase are highly compressed ... :-)

  • by Salton Pepper ( 6245830 ) on Friday January 14, 2022 @05:32PM (#62173773)
    Ridiculous that Lyons800 allowed a stranger to remotely access his console. Yeah, that's clearly the fault of Discord... /s
    • by raind ( 174356 )
      Lol right!
    • Ridiculous that Lyons800 allowed a stranger to remotely access his console. Yeah, that's clearly the fault of Discord... /s

      Just remember that these are the brains behind these services proposing to handle your money.

    • by Barny ( 103770 )

      That's not what happened. The scammer had him open the inspection console (ctrl+shift+I) and then screenshot it and post to "verify his authenticity".

      Easy enough to walk someone through to Network tab and then make sure that screenshot includes the sent headers for a message acknowledgement—which has their Discord auth token for the session.

      Again, no remote access needed at all, just some social engineering.
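
Added example (not part of the comment above or of the original page): because the session token travels in the request headers shown in the Network tab, a capture should be scrubbed before it is shared with anyone. This sketch assumes a HAR 1.2 export from the browser's developer tools; the host `chat.example`, the token strings and the function names are constructed for illustration.

```javascript
// Added example: strip session credentials from a DevTools HAR export before sharing.
// Header names are standard HTTP; SAMPLE_HAR and its token values are constructed placeholders.
const SENSITIVE = new Set(["authorization", "proxy-authorization", "cookie", "set-cookie"]);

// Replace sensitive header values, remembering each secret so leftovers can be found later.
function scrubHeaders(headers, where, findings, secrets) {
  return (headers || []).map((h) => {
    if (!SENSITIVE.has(String(h.name).toLowerCase())) return { ...h };
    findings.push(`${where}: ${h.name}`);
    if (h.value) secrets.add(h.value);
    return { ...h, value: "[REDACTED]" };
  });
}

function redactHar(har) {
  const findings = [];
  const secrets = new Set();
  const entries = har.log.entries.map((e, i) => {
    // HAR keeps a parsed copy of cookies next to the raw headers; clear both.
    const request = { ...e.request, cookies: [],
      headers: scrubHeaders(e.request.headers, `entry ${i} request`, findings, secrets) };
    const response = { ...e.response, cookies: [],
      headers: scrubHeaders(e.response && e.response.headers, `entry ${i} response`, findings, secrets) };
    return { ...e, request, response };
  });
  const clean = { ...har, log: { ...har.log, entries } };
  // A token can also be echoed in a URL, request body or response body: report any leftovers.
  const text = JSON.stringify(clean);
  const residual = [...secrets].filter((s) => text.includes(s));
  return { clean, findings, residual };
}

const SAMPLE_HAR = { log: { version: "1.2", entries: [
  { request: { method: "POST", url: "https://chat.example/api/channels/1/messages/2/ack",
      headers: [{ name: "Authorization", value: "CONSTRUCTED-SESSION-TOKEN" },
                { name: "Content-Type", value: "application/json" }],
      cookies: [] },
    response: { status: 204, headers: [{ name: "Set-Cookie", value: "sid=CONSTRUCTED-COOKIE" }],
      cookies: [{ name: "sid", value: "CONSTRUCTED-COOKIE" }] } },
  { request: { method: "GET", url: "https://chat.example/api/me", headers: [], cookies: [] },
    // Constructed case: the same token echoed back inside a response body.
    response: { status: 200, headers: [],
      content: { text: "{\"token\":\"CONSTRUCTED-SESSION-TOKEN\"}" } } },
] } };

const result = redactHar(SAMPLE_HAR);
console.log(result.findings, result.residual);
```

A non-empty `residual` list means the capture still contains a credential outside the headers and should not be shared as it is.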

    • I tend to not have too much sympathy for the folks who get caught up in the silly NFT craze - but really they're all lucky they learned early on that this dude has no business handling funds (real or pretend) that belong to other people.

    • by AmiMoJo ( 196126 )

      The phrase "connect your wallet" was probably a warning sign for the users. What a great idea, give some rando on Discord a direct connection to your wallet.

  • First, the attacker posted a doctored screenshot showing a conversation with Lyons800 in another Discord server, claiming that he was scamming people there. Lyons800 offered to prove it wasn't him and got on a voice call with the scammer, who convinced the moderator to let them inspect their console. From there, the scammer obtained Lyons800's Discord authentication token that let them hijack the account. In a tweet, Lyons800 described this as "a ridiculous security breach from Discord."

    Potentially (and tenuously?) plausible, but sounds more like an inside job with a "story" to match, including putting the "blame" on someone else. It'll be interesting to hear about more details in the future.

  • Their entire vision was based upon sacrificing the planet to enrich themselves. This couldn't have happened to a nicer group of people.

  • by quonset ( 4839537 ) on Friday January 14, 2022 @06:07PM (#62173865)

    Watching all these people get scammed in crypto, or the loud mouthed anti-vaxxer bodies hitting the floor.

  • In a tweet, Lyons800 described this as "a ridiculous security breach from Discord."

    That's what the article says. I couldn't find that tweet myself, but there was one tweet marked as deleted. Presumably other folks told Lyons800 that sharing your console (and auth secrets) with someone will very naturally give them full access, and isn't a security breach from Discord. How does someone this ignorant of digital security decide to manage other people's digital currency? Ugh.

  • Here's your sign.
  • I realize that out of all the weirdness in this story this may be an odd, minor one to fixate on, but:

    "Like many other cryptocurrency, NFT, and DAO projects, CityDAO’s community lives on Discord

    "Why is your cryptoNFTDAOCurrency project using this 'blockchain' thing?"
    "Oh, you see, Blockchain is a distributed, decentralized, open system where anyone can set up their own independent node and participate, and the system is secure and cannot be manipulated or controlled by any central authority!"
    "Gee,

    • I completely agree.

      Any honest project should have security and decentralisation as primary concerns. The crypto space could invest in teaching their community how to protect themselves by simply setting up a DAO to help fund a small team full-time to produce education and maybe some security certifications... But the majority of projects don't care.

      (Except Cardano which is apparently seeking proposals for exactly this via Catalyst).

      As a side note, there are ways to avoid gas such as using another network s

    • Blockchain itself has nothing to do with crypto, it is normally based on consensus, and there is no "gas" needed to make it work. You choose your consensus method when you create the blockchain. You can have all the senior people in your group running their own servers, and set the consensus threshold.

  • It's so fitting that a bunch of blockchain-bros should be ripped off by an obvious scam using an online discussion server. Their blind belief in crypto-currency reveals their cult mentality. Without critical thinking skills they're ripe targets for scams. By falling for this venture in the first place they painted a big target on themselves saying "Steal from me!!!"

    Now they'll go to law enforcement (i.e. the "ebil gumerment") to try and track down the thieves. Hypocritical dimwits get what they deserve.

  • Anyone who gets into this kinda them is a fool! $$$ taken by whom? Really?
  • There is nothing new about these so called electronic coins. Banks have been dealing with real coins and real money for decades and it has been electronic for decades. I can send you USD funds without a check or actual money. I could do that clear back in the 1980s without a problem. It's also real money and it's all recorded in a real ledger that stands up to an auditor's scrutiny. So it's all based on real stuff.

    These "crypto" coins that are really not crypto in the first place aren't based on anything. I

  • Every time I turn around, I keep seeing articles about a Discord server being hacked.

    Sounds like folks should be dropping Discord like a bad habit or are there better ways to better secure your Discord server?

    I have never used Discord, so I am genuinely curious...
