Hackers managed to steal nearly $438,000 by announcing fake NFT collections on the artist’s Twitter account.
–
Hackers have taken advantage of the notoriety of Beeple (Mike Winkelmann) to steal funds. Known for having sold the most expensive digital work in the world, Everydays : The First 5000 Dayssold for $69.3 million, he saw his Twitter account being hacked May 22. After regaining control of it, he urged his more than 673,000 subscribers to be cautious, adding that “Anything too good to be true is a fucking scam”.
Unfortunately, the damage was already done. Following the hack, the hackers announced a collection of 1,000 NFTs created by the artist in collaboration with Louis Vuitton: “I’ve been working on it with LV behind the scenes for a long time”, had indicated the pirates pretending to be him. They later announced the release of another 200 additional NFTs. Both posts included a link to a fraudulent site. These scams allowed their perpetrators to steal $270,000 in ether and 45 NFTs worth around $165,000, according to Harry Denley, security researcher for crypto wallet company MetaMask.
A successful technique for stealing NFTs
A total of around $438,000 was stolen in almost five hours using these phishing sites. Also known as phishing, this attack technique involves impersonating a trusted site, such as that of an NFT creator, to trick victims into giving their crypto wallet details.
This is not the first time it has been used by cybercriminals in the world of NFTs. At the end of April, a hacker managed to steal more than 2 million dollars after hacking the Instagram account of the famous Bored Ape Yacht Club collection. More than $1.7 million in NFTs were also stolen by a criminal posing as the Opensea platform last February.
More broadly, phishing is a particularly popular technique in the world of cybercrime. Fairly simple to set up, it was the main cybermalware encountered by professionals and individuals in France in 2021. In its report, the Cybermalveillance.gouv.fr platform warned that it is “has become today the main vector at the origin of a whole range of cyber-maliciousness which range from account hacking, through fraudulent bank debits, to identity theft and even the infamous attacks by ransomware “.
–
