Justin Kan's NFT Platform Faces Scam, $150K Lost

Web3 Platforms and User Security Concerns

Despite substantial venture capital investment, numerous web3 and cryptocurrency platforms remain challenging environments for individuals unfamiliar with the intricacies of crypto technology.

A recent example involves Justin Kan’s NFT platform, Fractal, which experienced a security compromise. A malicious actor gained access to the startup’s Discord announcement bot.

Discord Hack and Fraudulent NFT Offering

This unauthorized access allowed the scammer to distribute a deceptive link to Fractal’s user base, exceeding 100,000 individuals. The message urged users to purchase a new NFT.

The offer centered around 3,333 commemorative NFTs intended to mark the platform’s launch. However, the provided URL, fractal.is, was subtly altered—an “i” was substituted for an “l”—redirecting users to a fraudulent minting site.

At this fake site, users were defrauded of their funds without receiving any NFTs in return.

Financial Losses and Reimbursement

The scammer reportedly absconded with approximately $150,000. This incident occurred prior to the official launch of the Fractal platform, which had been scheduled for this week.

Backed by GOAT Capital, Fractal has committed to reimbursing affected users. They announced via Twitter that Sol losses would be covered, with further details to follow.

Widespread Attacks and Discord Vulnerabilities

Such attacks are unfortunately common. Hours before the Fractal breach, another Solana-based project, Monkey Kingdom, was targeted, resulting in a loss of over $1.3 million in cryptocurrency.

The fact that both incidents originated on Discord suggests a need for improved user authentication measures on the platform.

Update on Affected Users

Update: A Medium post from Fractal confirmed that 373 users were victims of the scam. The platform assured full compensation within the coming days.

Grape Protocol, a Solana-based tools platform, identified a compromised administrator account as the likely entry point for exploiting both Fractal and Monkey Kingdom.

Proactive Measures and User Awareness

Fractal had anticipated the possibility of such attacks, given their prevalence in other NFT-focused Discord communities.

On Friday, the team established an “anti-scam” channel within their Discord server. This channel allowed users to report suspicious activity.

A team member emphasized that Fractal would “NEVER” request funds to any address or utilize Google Forms for any purpose. Users were also advised to carefully verify the spelling of any links encountered.

Incentive Structures and Risk for New Users

While Fractal’s team actively sought to educate its users, the fundamental dynamics of the NFT market can discourage cautious behavior.

The rapid sell-out of NFT drops and a “fear of missing out” (FOMO) culture can incentivize impulsive decisions, posing a significant risk to less experienced cryptocurrency investors.