Unfortunately, collections of non-fungible tokens (NFTs) continue to be prime targets for hackers, and the Azuki project paid the price. A malicious person took over the project’s Twitter account to share a phishing link and managed to steal funds from some users.
https://cryptoast.fr/compte-twitter-azuki-fait-pirater-several-nft-750000-dollars-sont-derobes/
Azuki’s Twitter account in the wrong hands
Friday January 27th The Twitter account of the non-fungible token (NFT) project Azuki was hacked. The person responsible for the mischief invited the Azuki community to “claim land” in “The Garden,” the metaverse dedicated to the collection.
Screenshot of malicious tweet, now deleted (hidden link)
Unfortunately, this link, which had everything at first glance, to be honest, took money out of the pockets of members of the Azuki community Granting malicious permission on a phishing site. In just under 30 minutes, 11 NFTs and 3.9 ETH were recovered by the hacker, then 750,000 USDC was sent to his wallet, now identified as phishing by Etherscan.
The USDCs were then sent to another wallet, also identified by Etherscan. who exchanged their tokens for WETH (wrapped ether) thanks to the decentralized finance protocol (DeFi) Uniswap V3 via 2 separate transactions visible here and here.
The project’s community manager, Rose, quickly confirmed the Azuki account hack. Fortunately, the damage was relatively limited thanks to the responsiveness of the community, as MetaMask, for example, quickly blocked the domain in question to protect its users, just like Phantom or ZenGo could do.
π Discover our tutorial on storing and securing your cryptocurrencies
The all-in-one crypto app
0 fees for your 1st crypto purchase π₯ (up to $200)
A case with rather murky outlines
Fortunately, Azuki’s Twitter account was restored in the eveningand a post-mortem tweet from the project was posted overnight.
1/ The @AzukiOfficial Twitter was compromised today. A series of malicious tweets were posted on Friday morning, January 27 (Pacific Time).
The team has regained control of the @AzukiOfficial Twitter.
Details below π
β Azuki (@AzukiOfficial) January 27, 2023
As indicated in the thread, thanks to joint work with the social network teams, the Twitter account was restored relatively quickly. However, the mystery surrounding the origin of the bug remains complete, as it seems according to the press release. that the account in question has been secured by a two-factor authentication process (2FA). Therefore, an investigation was launched by Azuki to shed light on this issue.
ZachXBT, known for its on-chain investigations, however, seems to have found the beginning of a lead. According to him, it is the same person who managed to hack the Twitter accounts NFT Mutant Hounbds, AKCB and Chimpers projects.
Was the same scammer named Lock who recently compromised the Mutant Hounds, AKCB, and Chimpers Twitter accounts. pic.twitter.com/YSgy6SnvJr
β ZachXBT (@zachxbt) January 27, 2023
He also explains that the error could come from Twitter’s side and that there was nothing more the Azuki teams could have done to prevent the attack, which would explain the bug bypassing 2FA, a recognized security measure. In fact, we have already seen Some hackers are willing to pay large sums of money in the past to bypass Twitter account security.
However, this is just speculation and nothing has been confirmed yet. However, it would be very interesting to understand how the same hacker could gain access to so many different Twitter accounts.
π On the same topic – $1.4 million worth of NFTs stolen: how to avoid these new phishing attacks?
Cryptoast launches its first collection of NFTs
NFTs connected to a collectible paper journal π₯
Newsletters π
Receive a roundup of crypto news by email every Monday π
What you need to know about affiliate links. Assets, products or services related to investments are presented on this page. Some links in this article are affiliated. This means if you buy a product through this article or register on a site, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investing in cryptocurrencies is risky. Cryptoast is not responsible for the quality of any product or service presented on this site and cannot be held responsible, directly or indirectly, for any damage or loss resulting from the use of any good or service highlighted in this article. Investing in crypto assets is inherently risky, readers should do their own research before taking any action and only invest within their financial means. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential carries a high level of risk. This risk appetite must be consistent with your project, your investment horizon, and your ability to lose some of those savings. Do not invest unless you are prepared to lose some or all of your capital.
Read our Financial Position, Media Transparency and Legal Information pages.
Passionate about the world of decentralized finance and the innovations that Web 3.0 brings, I write articles for Cryptoast to make blockchain more accessible to everyone. Convinced that cryptocurrencies will change the future very soon.
Maximilian Prue
575 items