Mocaverse: Phishing emails received by community members were related to bot attacks, and the database was not leaked

Odaily News Animoca Brands NFT series Mocaverse posted on the X platform that some community members reported receiving a phishing email requesting MOCA allowlisting and verification. The official reminder states that if any user receives any suspicious emails, please do not interact or click on any links. Mocaverse later followed up and said: After receiving reports that community members received phishing emails claiming the corresponding Moca ID, the team investigated and confirmed that no data leak occurred in the database. However, a bot attack did occur, with 6 million emails. Mail attempts to retrieve information from the Mocaverse API and if the random email matches, the Moca ID is returned. Our reserve invite code feature has a passwordless email verification process that the service will return once the service is requested with an already registered email : 1. Eligibility 2. Domain name (if mint) The scammer tried 6 million random combinations and retrieved the above information using the email address and used it to send the scam email. Our developers were reported in the scam email This situation (information returned) was previously discovered via the API and an update was issued at 5:20pm Hong Kong time last Sunday.