Collections of non-fungible tokens (NFTs) unfortunately continue to be prime targets for hackers, and the Azuki project has paid the price. A malicious individual took over the project’s Twitter account to share a phishing link and managed to steal funds from some users.
Azuki’s Twitter account in the wrong hands
Friday, January 27, the non-fungible token (NFT) project Azuki’s Twitter account has been hacked. The person responsible for the mischief invited the community of Azuki to come and “claim land” in “The Garden”, the metaverse dedicated to the collection.
Screenshot of malicious tweet, since deleted (hidden link)
Unfortunately, via this link which had everything to seem honest at first glance, members of the Azuki community had their wallets emptied giving malicious permission on phishing site. In barely 30 minutes, 11 NFTs and 3.9 ETH were recovered by the hacker, then 750,000 USDC were sent to his wallet now identified as phishing by Etherscan.
The USDCs were then sent to another wallet, also identified by Etherscan, which swapped its tokens for WETH (wrapped Ether) thanks to the decentralized finance protocol (DeFi) Uniswap V3 via 2 separate transactions visible here and here.
The community manager of the project, Rose, quickly confirmed the Azuki account hack. Fortunately, the damage was relatively limited thanks to the responsiveness of the community, since MetaMask, for example, quickly blocked the domain concerned to protect its users, just like Phantom or ZenGo were able to do.
👉 Discover our tutorial to store and secure your cryptocurrencies
The all-in-one crypto app
0 fees for your 1st crypto purchase 🔥 (up to $200)
A case with rather murky outlines
Azuki’s Twitter account was fortunately recovered in the eveningand a post-mortem tweet was posted overnight from the project.
1/ The @AzukiOfficial Twitter was compromised today. A series of malicious tweets were posted during the morning of Friday, Jan 27th (Pacific Time).
The team has regained control of the @AzukiOfficial Twitter.
Details below 👇
— Azuki (@AzukiOfficial) January 27, 2023
As indicated in the thread, the Twitter account was recovered relatively quickly thanks to work carried out in concert with the teams of the social network. However, the mystery remains complete as to the origin of the flaw, as it would seem, according to the press release, that the relevant account was secured by a two-factor authentication method (2FA). An investigation was therefore launched by Azuki in order to shed light on this subject.
ZachXBT, known for its on-chain investigations, however, seems to have found the beginning of a lead. According to him, it is the same individual who managed to hack the Twitter accounts NFT Mutant Hounbds, AKCB and Chimpers projects.
Was the same scammer named Lock who compromised Mutant Hounds, AKCB, and Chimpers Twitter accounts recently. pic.twitter.com/YSgy6SnvJr
— ZachXBT (@zachxbt) January 27, 2023
He also explains that the fault could come from the side of Twitter and that the Azuki teams could have done nothing more to prevent the attack, which would explain the flaw bypassing 2FA, a recognized security measure. Indeed, we have already seen some hackers willing to pay large sums in the past to circumvent the security of Twitter accounts.
However, this is just speculation, and nothing has been confirmed yet. However, it would be very interesting to understand how the same hacker was able to gain access to so many different Twitter accounts.
👉 On the same subject – $1.4 million in NFTs stolen: How to avoid these new phishing attacks?
Cryptoast launches its 1st collection of NFTs
NFTs associated with a collector paper journal 🔥
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.
Leave a Reply