Azuki’s Twitter account was hacked, several NFTs and $750,000 were stolen.
Unfortunately, collections of non-tradable tokens (NFTs) continue to be a prime target for hackers, and the Azuki project paid off. A malicious person hijacked the project’s Twitter account to share a phishing link and managed to steal funds from some users.
Azuki’s Twitter account is in the wrong hands
Friday, January 27 non-fungible token (NFT) project Azuki’s Twitter account has been hacked. The person responsible for the mischief invited the Azuki community to come and “claim the land” in The Garden, a metaverse dedicated to collecting.
Screenshot of malicious tweet after deletion (hidden link)
Unfortunately, members of the Azuki community have emptied their wallets through this link, which at first glance seems honest. granting malicious permissions on a phishing site. In just 30 minutes, the hacker recovered 11 NFTs and 3.9 ETH, then sent 750,000 USDC to his wallet, known as phishing by Etherscan.
The USDCs were then sent to another wallet identified by Etherscan. exchanged their tokens for WETH (twisted Ether) thanks to the decentralized finance protocol (DeFi). Uniswap V3 through 2 separate transactions seen here and here .
Rose, the project’s community manager, quickly confirmed that Azuki’s account had been hacked. Fortunately, thanks to the sensitivity of the community, the damage was relatively limited, as, for example, MetaMask, Phantom or ZenGo quickly blocked the associated domain to protect their users.
? Discover our guide to storing and protecting your cryptocurrencies
All in one crypto app
0 commission on your first crypto purchase ? (up to $200)
A rather dark business
Fortunately, Azuki’s Twitter account was restored later in the eveningand overnight a postmortem was tweeted from the project.
1/ The @AzukiOfficial Twitter was hacked today. A series of malicious tweets were posted in the early hours of Friday, January 27th (Pacific Time).
The team regained control @AzukiOfficial Twitter.
Details below ?
— Azuki (@AzukiOfficial) January 27, 2023
As indicated in the thread, the Twitter account was restored relatively quickly thanks to the joint work with the social network teams. However, the origin of the flaw remains a complete mystery, as seen in the press release, that the respective account is secured by two-factor authentication (2FA). Therefore, Azuki launched a study to shed light on this topic.
ZachXBT, known for his ten-chain studies, but apparently found a leading start. According to him, it is the same person who managed to hack Twitter accounts NFT Mutant Hounbds, AKCB and Chimpers projects.
It was a scammer named Lock who recently hijacked the Twitter accounts of Mutant Hounds, AKCB and Chimpers. pic.twitter.com/YSgy6SnvJr
— ZachXBT (@zachxbt) January 27, 2023
He also explains that Twitter may also be to blame and Azuki’s teams could have done nothing else to prevent the attack, which would explain the bypassing of a well-known security measure, 2FA. Indeed, we have already seen it some hackers are willing to pay huge sums to bypass the security of Twitter accounts in the past.
However, this is just speculation and nothing has been confirmed yet. However, it would be very interesting to understand how the same hacker managed to access so many different Twitter accounts.
? In the same thread – $1.4 million in NFTs stolen: How to avoid these new phishing attacks?
Cryptoast introduces its first NFT collection
NFTs related to collectible paper magazine ?
Get a roundup of cryptocurrency news every Monday by email ?
What you need to know about affiliate links. This page presents assets, products or services related to investments. Some of the links in this article are affiliate. This means that if you buy a product from this article or register on the site, our partner pays us a commission. This allows you to continue to offer original and useful content. There is no impact on you and you can even get a bonus using our links.
Investing in cryptocurrencies is risky. Cryptoast is not responsible for the quality of the products or services provided on this page and is not responsible, directly or indirectly, for any damage or loss resulting from the use of the goods or services highlighted in this article. Investing in cryptoassets is risky, readers should do their own research before taking any action and invest only within their financial means. This article is not investment advice.
AIF recommendations. There is no guaranteed high return, a high return product involves high risk. This risk-taking should be appropriate to your project, your investment horizon and your ability to lose some of this savings. Do not invest unless you are prepared to lose all or part of your capital.
To go further, read our Financial Status, Media Transparency and Legal Notices pages.