Azuki’s Twitter account was hacked, some NFTs and $750,000 were stolen
Collections of non-fungible tokens (NFTs) unfortunately continue to be a prime target for hackers, and the Azuki project has paid the price. A malicious individual took over the project’s Twitter account to share a phishing link and managed to steal funds from several users.
Azuki’s Twitter account is in the wrong hands
Friday, January 27, The non-fungible token (NFT) project on Azuki’s Twitter account was hacked. The person responsible for the mischief invited the Azuki community to come and “claim the land” in “The Garden”, the metaverse dedicated to the collection.
Screenshot of malicious tweet, since deleted (hidden link)
Unfortunately, with this link that seems all honest at first glance, the members of the Azuki community have emptied their wallets giving malicious permission to the phishing site. In about 30 minutes, the hacker recovered 11 NFTs and 3.9 ETH, then sent 750,000 USDC to his wallet which was now identified as phishing by Etherscan.
The USDCs are then sent to another wallet, also identified by Etherscan, which traded its tokens to WETH (wrapped Ether) thanks to the decentralized finance protocol (DeFi) Uniswap V3 via 2 separate transactions which can be found here and here.
The project’s community manager, Rose, quickly confirmed the hacking of the Azuki account. Fortunately, the damage was relatively limited thanks to the response of the community, as MetaMask, for example, quickly blocked the domain in question to protect its users, as Phantom or ZenGo did.
? Discover our tutorial to store and secure your cryptocurrencies
The all-in-one crypto app
0 fees for your first crypto purchase ? (up to $200)
A rather dark affair
Fortunately, Azuki’s Twitter account was recovered last nightand a post-mortem tweet was posted overnight from the project.
1/ The @AzukiOfficial Twitter is now compromised. A series of malicious tweets were posted on the morning of Friday, January 27th (Pacific Time).
The team regained control of the @AzukiOfficial Twitter.
Details below ?
— Azuki (@AzukiOfficial) January 27, 2023
As indicated in the thread, the Twitter account was recovered relatively quickly thanks to the work carried out with the social network teams. However, the mystery remains complete as to the source of the flaw, as it seems, according to the press release, that the associated account is secured by a two-factor authentication method (2FA). An investigation was therefore launched by Azuki to shed light on this subject.
ZachXBT, known for its on-chain investigations, however, seems to have found the beginning of a lead. According to him, this is the same individual who managed to hack the Twitter accounts NFT Mutant Hounbds, AKCB and Chimpers projects.
The same scammer named Lock compromised the Mutant Hounds, AKCB, and Chimpers Twitter accounts recently. pic.twitter.com/YSgy6SnvJr
— ZachXBT (@zachxbt) January 27, 2023
He also explained that the fault could come from Twitter’s side and that the Azuki teams could do nothing more to prevent the attack, which would explain the flaw in bypassing 2FA, a recognized security measure. In fact, we have seen it some hackers are willing to pay large sums in the past to circumvent the security of Twitter accounts.
However, this is just speculation, and nothing has been confirmed yet. However, it will be very interesting to understand how the same hacker gained access to so many different Twitter accounts.
? On the same topic – $1.4 million in NFTs stolen: How to avoid these new phishing attacks?
Cryptoast has launched its first collection of NFTs
NFTs associated with a collector paper journal ?
Receive a summary of crypto news every Monday by email ?
What you need to know about affiliate links. This page displays assets, products or services related to investments. Some links in this article are affiliate. This means that if you buy a product or register on a site from this article, our partner will pay us a commission. This allows us to continue to offer you original and useful content. No effect on you and you can get bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and cannot be held responsible, directly or indirectly, for any damage or loss caused after using a product or service highlighted in the article this. Investments related to crypto-assets are inherently risky, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. Taking this risk should be in line with your project, your investment horizon and your ability to lose part of these savings. Do not invest if you are not ready to lose all or part of your capital.
For more information, read our Financial Situation, Media Transparency and Legal Notices pages.