- The hacker stole 585 ETH worth of NFTs from Arthur Cheong.
- Cheong tweeted that the hack was a “targeted social engineering attack”.
- NFT trader “Cirrus” bought two of Cheong’s stolen NFTs.
Arthur Cheong, founder of DeFi venture capital firm DeFiance Capital, had $1.7 million worth of NFTs drained from his Ethereum hot wallet today.
Cheong confirmed the hack on Twitter, saying that it was a “targeted social engineering attack.” He received a spear-phishing email that looked like it was sent from one of his portfolio companies with industry-relevant content.
His hot wallet was hijacked after he opened a PDF file in the email. According to blockchain security company PeckShield, the stolen NFTs included an estimated 5 CloneX, 17 Azuki, 2 Tsubasa, 2 Hedgies, 33 Second Self and 19 other NFTs worth 233 ETH.
Besides the NFTs, which the hacker promptly put up for sale on OpenSea, tokens like WETH, Lido DAO Token, LooksRare and DYDX were also transferred to the hacker’s wallet. The hacker’s wallet contains a total of 585 ETH (more than $17 million) worth of digital assets stolen from Cheong.
NFT collector “robbyhammz” on Twitter warned against buying NFTs from the hacker’s address, but an NFT trader known as “Cirrus” bought two of Cheong’s stolen Azuki NFTs and offered to return them at cost.
Cheong later discovered that an advanced persistent threat (APT) group, BlueNoroff, was likely responsible for the exploit. The name of the mysterious group was coined by Kaspersky researchers while they were investigating the attack on Bangladesh’s Central Bank back in 2016.
While BlueNoroff is known for its attacks on the banking sector, a Kaspersky intelligence report stated that the APT group appears to have shifted its focus solely to cryptocurrency businesses as the “main source of the group’s illegal income.”
Published on Jan 13, before today’s incident, the report explains in detail how Cheong got hacked, a sign that others have experienced the same exploit.
“A document sent from one colleague to another on a topic, which is currently being discussed, is unlikely to trigger any suspicion. BlueNoroff compromises companies through precise identification of the necessary people and the topics they are discussing at a given time,” the report continued. “In a simple scenario, it can appear as a notification of a shared document via Google Drive from one colleague/friend to another.”
Other than spear-phishing, the NFT space has been seeing different types of exploits that have led to millions of dollars worth of NFTs being stolen over the past few months. In December, Hong Kong-based NFT project Monkey Kingdom lost $1.3 million to hackers.
In January, hackers breached 10 hot wallets on sports NFT minting platform Lympo, stealing the equivalent of $18.7 million. Hackers also exploited a bug on OpenSea that allowed them to snap up NFTs at previously listed prices on inactive listings.
Recently, hackers stole Smol Brains NFTs from the Treasure NFT marketplace.