2 years ago
This proves yet again that adjacent the astir experienced crypto enthusiasts are not immune to cyberattacks.
Liam Frost / Mar. 22, 2022 astatine 7:00 p.m. UTC / 2 min read
Cover art/illustration via CryptoSlate
Arthur Cheong, the laminitis of crypto-asset money DeFiance Capital who is besides known arsenic Arthur_0x connected Crypto Twitter, became the latest people of a “social engineering attack” today, losing astir $1.8 cardinal worthy of crypto and non-fungible tokens (NFTs).
The lone happening I tin accidental to the hacker is: you messiness with the incorrect person.
— Arthur 🌔⛩️🦔👻 (@Arthur_0x) March 22, 2022
“The lone happening I tin accidental to the hacker is: you messiness with the incorrect person,” Cheong wrote pursuing the attack. “Was beauteous cautious and stuck with lone utilizing hardware wallet connected PC until I commencement trading NFT much regularly. Hot wallet connected mobile telephone is so not harmless enough.”
According to Cheong, an chartless hacker (or a group) has compromised his blistery (i.e. connected to the Internet) wallet and drained cryptocurrencies arsenic good arsenic NFTs. The second were past enactment up for merchantability connected OpenSea marketplace “for cheap.”
In total, it appears the hacker has got his hands connected astir 80 NFTs (mostly Azukis), 68 Wrapped Ether, 4,349 Staked DYDX, and 1,578 LooksRare tokens.
At property time, the hacker’s wallet, which has been receiving the profits from NFT sales, held conscionable implicit 585 Ethereum ($1.76 million) and astir $12,700 successful different tokens.
No 1 is safe
A fewer hours aft the hack, Cheong revealed that helium seemingly fell unfortunate to a “targeted societal engineering attack” and accidentally opened a “spear-phishing email.”
“Found retired the apt basal origin for the exploit, it’s a targeted societal engineering attack. Received a spear-phishing email that truly seems to beryllium sent by 1 of our portco with contented that seems similar wide industry-relevant content,” helium tweeted. “They are apt targeting each crypto peep.”
Was being careless connected this 1 since it comes from 2 seemingly morganatic sources.
Once I unfastened the record past I spot the images beneath and past it proceed to the mean PDF document, didn't fishy what's incorrect backmost then:https://t.co/i3bfHCMWYe
— Arthur 🌔⛩️🦔👻 (@Arthur_0x) March 22, 2022
Cheong besides acknowledged that it was “careless” of him to unfastened the attached record and noted that “none of the anti-virus picked up this record arsenic malicious.” Additionally, the email successful question was sent “from 2 seemingly morganatic sources.”
Namely, from “[email protected],” arsenic 1 of the screenshots provided by Cheong showed. As such, the hacker was aiming to disguise himself arsenic Jehan Chu, a co-founder and managing spouse astatine blockchain-focused task institution Kenetic Capital.
Commenting connected the attack, Cheong besides pointed retired that everyone should beryllium ever vigilant successful the crypto industry, careless of however overmuch acquisition successful the abstraction they have.
“Well this deed maine hard but if I got exploited arsenic a reasonably blase 5 years crypto idiosyncratic (DeFi user, password manager, mostly hardware wallet),” helium wrote. “I’m not definite however I tin transportation astir mean radical to enactment a important portion of their networth onchain anymore.”
Get your regular recap of Bitcoin, DeFi, NFT and Web3 quality from CryptoSlate
Get an Edge connected the Crypto Market 👇
Become a subordinate of CryptoSlate Edge and entree our exclusive Discord community, much exclusive contented and analysis.
On-chain analysis
Price snapshots
More context
English (US) 