35 NFTs including Bored Apes stolen via phishing attack in last week alone

Quick Take

  • A number of verified Twitter accounts have been hacked in the last week in order to tweet out links to a phishing site.
  • This attack led to the theft of 35 NFTs worth over $900,000.

At least 35 NFTs have been stolen due to a widespread phishing attack involving hacked Twitter accounts, according to data from blockchain analytics company Elliptic.

Scammers have made off with at least $900,000 in NFTs over the past week, per Elliptic. Five of the stolen items were Bored Ape, Mutant Ape or Bored Ape Kennel Club NFTs, and nine high-profile individuals have reported falling victim to the attack.

Earlier this month, BAYC launched an airdrop of ApeCoin tokens for Bored and Mutant Ape NFT holders. For this attack, scammers hacked multiple verified Twitter accounts in order to promote links to a URL impersonating an ApeCoin token airdrop site. Some of the Twitter accounts had more than 50,000 followers.

Unsuspecting victims who clicked on the phishing links included both BAYC NFT owners and non-holders willing to cough up 0.33 ETH ($1,130) to take part. However, instead of registering for the chance to claim ApeCoin tokens in a new airdrop, they found themselves faced with malicious code that gave the scammers access to their wallet.

“The tweet looked strange, but this is someone that I had actually followed [previously] so I didn’t overthink it... I clicked the link in the tweet and was immediately prompted to connect my wallet, which I did not do,” explained Aaron Cadena, co-founder of NFT-themed vaping company Gutter Bars, in a tweet thread detailing how his #2017 and #2904 Gutter Cats were taken.

“After clicking cancel, the prompt kept popping up over and over again. I clicked cancel a few more times, then caught onto what was happening and tried leaving the site but my screen was locked.”

Cadena describes how, despite force quitting the browser, he received a notification that two assets had been transferred from his wallet. 

“It felt like a punch in the gut. I’m not sure how this was done since I never connected my wallet,” he said, adding that third parties later agreed to sell the NFTs back to him at cost. “After this whole ordeal, I’ll be out 20 ETH, which sucks, but it could’ve been a lot worse.”

AnChain.ai, which published a separate breakdown of the scam, said that “the fact that hacked verified accounts are not triggering Twitter’s spam detection when using a script to push out multiple tweets per second is absurd.”

Twitter had not responded to requests for comment by press time.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
