A hacker stole dozens of NFTs worth more than $1.4 million from a single collector on Tuesday, according to blockchain observers.
Pseudonymous blockchain researchers Andeh and Cirrus noticed the theft and explained what happened on Twitter. The stolen NFTs included 29 from the popular Moonbirds collection, which currently has a floor price (the minimum amount that an NFT goes for) of 24 ETH, or nearly $48,000. The hacker apparently tricked the victim into approving them as the operator of the wallet using a phishing website, and then siphoned off the NFTs.
The victim, who goes by Keith “Digital Ornithologist" on Twitter, told Motherboard that the hacker sent him to a phishing website set up with a smart contract, which he approved.
“On that site [the hacker] had a contract made to un-nest all my Moonbirds and move them in one swoop,” he said in an online chat, adding that at first it appeared the transactions were failing but eventually went through.
“No words can describe the level of life altering results this has caused.”
Keith claimed to be an oncologist and a father, and said that the scammer “hacked a father of three children under 6-years-old and a wife, and took all their hard earned money for the past 38 years accrued in a few minutes. No words can describe the level of life altering results this has caused,” he said. “I'm a doctor that takes care of patients with end stage pain (cancer) and have done much for the web3 community to thrive and grow.”
Keith sent a message to the hacker as an NFT in an attempt to recover the stolen images.
“Please return the stolen moonbirds to the original owner. Keep 1 for compensation,” the message read. “If [Moonbirds] are not returned by 5/25 @ 12p UTC, the police and FBI will be notified formally.”
Phishing scams are extremely common in the NFT world, since one wrong click can quickly and irreversibly transfer millions of dollars worth of tokens. Tal Be’ery, a cybersecurity researcher who’s also looked into the hack, told Motherboard that the hack wasn’t straightforward, however, as the hacker failed in their first attempt to steal the NFTs.
“The hackers tried to be more ‘stealth’ in the beginning and use a smart contract in the transaction for the victim to sign, but when they failed to operate it they resorted to using their ‘regular’ address (not a contract) convince the victim to sign again and it worked,” Tal Be’ery, who is the chief technology officer of ZenGo, a crypto wallet app, said. ’
Do you have information about hackers who target NFTs? Or any information about other web3 and crypto hacks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email firstname.lastname@example.org
Ethereum blockchain explorer Etherscan shows the flurry of transactions from the victim’s wallet to the hacker in the last few hours. The 29 NFTs are flagged for “suspicious activity” on NFT trading platform OpenSea.
Keith said that the hacker befriended him on Twitter weeks ago, and they sometimes spoke via DMs on the website about Moonbirds, until he offered to buy his NFTs on Tuesday night. The hacker’s alleged Twitter account has since been deleted.
The theft comes roughly a week after actor Seth Green was phished and lost control of several high-value NFTs from the uber-popular Bored Ape Yacht Club collection. For the last several days, Green has tried to talk to the hacker who stole his NFTs to convince them to return them so he can use them in an upcoming show based on his NFT collection. Green is now grappling with the copyright implications of the theft, and said he hopes to make a deal with the hacker rather than go to court.
“We can prove the promise of ape community,” he tweeted.