Incident Reports

Discord Phishing Scam Update - Sep 17, 2022

UPDATE (Sept 17, 2022): The fraudulent server mentioned in this post is still very active and has hijacked another old discord invite link. DO NOT USE https://discord.com/invite/xSPFHHS THIS IS A LINK TO A FRAUDULENT SERVER IMPERSONATING BADGER. At first glance this server looks convincing as it has been structured to mimic the Badger main discord. DO NOT INTERACT WITH THESE BAD ACTORS. We are continuing to scrub historic posts for this link and encourage anyone in the community who has ever shared it to do so as well. We are also continuing to escalate this issue with the discord support team and encourage anyone with a connection to their team to reach out to us.

As the DeFi ecosystem continues to evolve, a growing number of bad actors are finding new ways to deploy phishing scams aimed at obtaining private user information with the intention of stealing users' funds. We wish to remind all users to be mindful of these potential scams and exercise extreme caution when transacting and to ensure that links are in fact leading to the intended destination.

Yesterday a whitehat disclosed an isolated discord phishing scam to our support team via a support ticket. They advised that the discord.gg/badgerdao invite link had been hijacked by potential scammers and was redirecting users to a fraudulent server posing as the main Badger Discord. Immediate action was taken and we have since been able to reclaim the original invite link and can confirm it is no longer directing users to the fraudulent server. This invite link has been secured indefinitely and has been updated on all owned platforms.

As soon as the report was made, the team immediately opted to:

  • Scrub the malicious link from the front end and all Badger social platforms (https://github.com/Badger-Finance/v2-ui/commit/6c6e699dae0e304180b4031b3f2b4b2cf5d0d440)
  • Enlist whitehat investigators to conduct a further investigation
  • Notify the small group of users we believe may have joined the fraudulent server

The following official report was submitted to the discord support team.

We've since received the following response from the discord support team.

Badger has been able to reclaim the original invite link and can confirm it is no longer directing users to the fraudulent server. This invite link has been secured indefinitely and has been updated on all owned platforms.

IMPORTANT: For the foreseeable future, discord.gg/badgerdao WILL BE THE ONLY OFFICIAL INVITE LINK AVAILABLE to access our discord. Any other link claiming to allow access to the Badger discord server is fraudulent. Despite best efforts to scrub all past information posted, there may be some legacy links in existence. These have been officially disabled on our server and will never grant access to the main Badger discord.

The creation of new invite links has been disabled. We encourage everyone to ensure they are following the correct link at all times and to report any suspicious activity that may be relevant to our investigation.

In the hopes that you'll always be able to protect yourself from scams and frauds, we recommend checking out these videos about how to determine if a transactions are malicious:

https://www.youtube.com/watch?v=5bvgm5SYTGc&ab_channel=BadgerDAO

https://www.youtube.com/watch?v=NfHBD0450DA

Support
|
DeFi Glossary
|
Read the documentation
|
See the code on GitHub
|
Brand Guidelines