Non-fungible tokens (NFTs) have exploded in popularity over the past year. However, amid this popularity, there has also been a rising streak of hacking attacks where NFT investors have suffered massive losses.
DeeKay Kwon, a renowned NFT animator, has suffered an exploit of their Twitter account. The hacked account was used to conduct a phishing campaign on Friday.
DeeKay’s Twitter account hacked
The hackers exploited the Twitter account of DeeKay Kwon to launch a malicious phishing campaign. The move happened on Friday morning after a phishing link to a malicious website was posted on DeeKay’s Twitter account.
DeeKay’s followers that followed the link were duped into signing transactions originating from a malicious smart contract. The post said that DeeKay was launching a new NFT collection that would be exclusive to only 1000 people. DeeKay’s Twitter account has nearly 180,000 followers. Hence the extent of the breach was significantly high.
The phishing website where those who followed the link were led to instructed the victims to claim fake NFTs. However, after the user approved the transaction for claiming these assets, the attacker gained access to their crypto wallets. The attacker then stole the NFTs from the victim’s wallets.
On-chain data shows that the hacker managed to steal around 65 NFTs before DeeKay recovered his Twitter account and deleted the malicious post. The threat actor also sold at least $80,000 worth of NFTs, and the money has already been transferred to another crypto wallet. The attacker still holds around 50 of the stolen NFTs.
DeeKay talked about this breach shortly after recovering his Twitter account. He assured his Twitter followers that he had recovered the account and apologized for the losses suffered. He also urged those affected by the breach to reach out to him, and they would work on establishing a solution.
Rise in crypto phishing campaigns
Some of the largest hacks in the crypto space are conducted through an exploit on the smart contract code. However, many digital assets are also stolen through phishing campaigns. Phishing campaigns involve tricking a user into providing access to their cryptocurrency wallets.
A few days before this exploit, Uniswap, one of the best DeFi exchanges, also suffered from a phishing campaign where around $8.6 million was stolen. The attack targeted Uniswap liquidity providers. The nature of these two attacks is similar.
Related
Battle Infinity - New Metaverse Game
- Listed on PancakeSwap and LBank - battleinfinity.io
- Fantasy Sports Themed Games
- Play to Earn Utility - IBAT Rewards Token
- Powered By Unreal Engine
- Solid Proof Audited, CoinSniper Verified