Hacked Azuki Twitter account enables theft of pricey NFTs and crypto priced at more than $1.74 million

[Image: Mutant Ape #16924, which most recently sold for ~$23,400]
Hackers were able to compromise the Twitter account belonging to the popular Azuki NFT project, which they then used to promote a fake NFT drop to its 334,000 followers. Users who tried to mint the NFTs instead had their wallets emptied of pricey NFTs and cryptocurrencies.

Stolen NFTs included 74 Otherdeeds (floor price ~$2,700 each), 3 Porsche NFTs (floor ~$3,100), 57 Beanz (floor ~$2,600), 12 Doodles (floor ~$10,600), 2 Mutant Apes (floor ~$24,300), and 49 Pudgy Penguins (floor ~$9,200). Altogether, those stolen NFTs could fetch almost $1 million if sold at floor price.

A single wallet transferred 750,000 USDC (a stablecoin) to the attacker, resulting in a particularly brutal loss for one individual.

Kevin Rose loses pricey NFTs to wallet hack

[Image: Chromie Squiggle #9639, which Rose bought for 16 ETH (~$26,000) in August 2022]
Kevin Rose, perhaps best known as the founder of Digg, but also a prominent crypto investor and entrepreneur, lost a substantial number of pricey NFTs when he apparently signed a malicious transaction. The hacker stole 25 Squiggles NFTs, which are trading at a floor price of 13.3 ETH, putting the estimated price based on the floor price at around 332.5 ETH (~$519,000). Rose acquired the Squiggles for between 6.3 and 16 ETH each (~$10,000 to $25,000).

The thief also stole an Autoglyph NFT. Autoglyphs rarely change hands, but have most recently sold for around 200 ETH ($312,000). Rose had been offering his Autoglyph for sale for 345 ETH ($539,000), but had yet to find a buyer.

Fortunately for Rose, the hacker was apparently unable to steal a CryptoPunk NFT he owned that resembles a zombie. Rare zombie variants of the already pricey NFT have fetched millions — albeit in periods of stronger interest in NFTs.

NFT GOD's wallet drained, accounts used to phish others after malware infection

[Image: MAYC #22284]
According to NFT GOD, his computer was infected with malware after he clicked a sponsored link in a Google search while trying to download the streaming software OBS. This is similar to an attack in April 2022 where scammers stole millions using malicious Google ads.

According to NFT GOD, not only did the hackers drain his crypto wallet of his NFTs and crypto, including his beloved Mutant Ape, but they also hijacked his accounts to send out phishing links to his substantial following.

The person who purchased the stolen ape (for 16.65 ETH, ~$25,800) said he was willing to sell the ape back to NFT GOD for the same price he paid for it, which seemed to be taken as good news by NFT GOD.

LendHub reports $6 million hack

In a Twitter thread, LendHub published a message stating that "hackers stole about 6 million US dollars of assets from Lendhub". They wrote that they had "locked the hacker's attack address", but whatever they meant by this was not enough to stop the thief from transferring 1,100 ETH (~$1,562,000) to Tornado Cash to tumble.

Security firm SlowMist attributed the attack to a token that had been replaced with a new version, but whose original version remained active on the platform. The attacker was able to mint and redeem tokens in the old market, while borrowing against them in the new one, ultimately making off with the majority of the assets on the platform.

NFTs reportedly stolen from influencer CryptoNovo, flipped for at least $525,000

[Image: CryptoPunk #4608]
Crypto influencer CryptoNovo tweeted, "I just got hacked!!! Are you kidding me!?!" with a screenshot of valuable CryptoPunk NFTs being transferred from their account. An attacker apparently transferred from CryptoNovo's wallet two or three CryptoPunks, one Bored Ape, one Mutant Ape, three Meebits, and two CloneX NFTs — all "blue chip" NFTs that fetch high prices.

The thief quickly flipped all of the NFTs for around 417 ETH ($525,000). It's unclear if one of the CryptoPunks was stolen, as it was transferred to a wallet to which CryptoNovo has previously made transfers, but that NFT too was sold for 75 ETH ($94,200).

The thief made a pretty penny, but the loss to CryptoNovo is more substantial based on how much money they spent on the NFTs. They had purchased the Bored Ape in August 2021 for 30 ETH (then around $100,000), and CryptoPunk #4608 in September 2021 for 290 ETH (then $850,000).

The attack appears to have been phishing-related.

Fake NFTs listed under verified collections on Magic Eden marketplace

[Image: ABC #2157]
Magic Eden, as with many NFT marketplaces, has a verification layer that shows popular projects as "verified" to reduce the chances of people being tricked by NFTs with the same images and names that are not a part of the official collection. However, someone was able to list NFTs they had arbitrarily created on the Magic Eden marketplace in such a way that they appeared as though they were a part of a verified collection of "ABCs" NFTs. The issue also affected a handful of other collections, including the popular "y00ts" collection.

Magic Eden acknowledged the issue in a tweet, asking users to contact their support if they had bought any of the fake NFTs. Various users on Twitter had reported buying the spoofed NFTs, paying 20–50 SOL ($266–$666) for fake NFTs that appeared as though they were a part of a verified collection that usually sold for around 165 SOL ($2,200).

Clicking into the NFT details showed that they were a part of a different collection that was not verified, but they appeared in listings among the verified NFTs, and were in some cases quickly purchased by collectors who thought they were taking advantage of a seller's mistake in listing the NFT.

Hackers steal $3.2 million from GMX whale

[Image: GMX/USD on January 3]
An apparent wallet compromise netted hackers 82,519 GMX tokens from a wallet belonging to a GMX whale. The hackers exchanged these tokens for 2,627 ETH ($3.18 million), then swapped the assets cross-chain.

The sudden sale of such a large number of GMX tokens (which are illiquid compared to much larger cryptocurrencies like Ethereum) caused the price to suddenly drop from ~$41.50 to ~$38 per token, though the token price recovered fairly quickly. GMX is the native token for the defi exchange of the same name.

Users of several NFT marketplaces see porn, Big Bang Theory stills appearing instead of their NFT images

[Image: A collection on Magic Eden during the compromise]
Users of NFT marketplaces and explorer applications including Magic Eden, NFT Explorer, and Rand Gallery were briefly shown pornographic images and still frames from the Big Bang Theory television show instead of the expected NFT images after someone compromised a third-party image caching service. The affected NFTs used images stored on the decentralized storage system IPFS, and the NFTs themselves were not impacted. However, the third-party caching service used by the NFT platforms in some cases served very unexpected images in their place.

"What the fuck is happening, why my 5 years old kid watching porn JPEGs on [Magic Eden's] website" tweeted one shocked user.

The issue was resolved fairly quickly, although some visitors continued to see the unsavory images for a while longer due to browser caching.

Hacker drains the wallet of the RTFKT crypto project's COO

[Image: CloneX #17088, which the hacker flipped for almost $14,000]
An attacker drained the wallet of Nikhil Gopalani, the COO of the Nike-owned crypto organization RTFKT. Most of the stolen NFTs were RTFKT NFTs, and the priciest were the nineteen CloneX NFTs that the thief flipped for between $5,850 and $13,960 each, for a total of 112.3 ETH ($136,000). Gopalani's wallet was also relieved of nineteen RTFKT Animus Eggs (priced at a cumulative ~$20,000 based on floor price) and eleven RTFKT x Nike Dunk Genesis CRYPTOKICKS NFTs (priced at a cumulative $3,300).

Gopalani tweeted that "I was hacked by a clever Phisher (same phone # as apple ID) & sold all my clone x / some other nfts... Obviously pretty upset and hurt by this and I havent really been able to move all day." He didn't provide further details, but a tweet by RTFKT CTO Samuel Cardillo suggested that Gopalani may have provided passwords or private keys to a phisher.

Bitcoin core developer claims his wallets were compromised, more than 216 BTC (~$3.6 million) stolen

One of the original Bitcoin core developers, Luke Dashjr, claimed on Twitter that attackers had managed to compromise multiple wallets — which he described as both hot and cold wallets — to steal all of his Bitcoins. Dashjr originally blamed the attack on a PGP key compromise, but later said the PGP compromise was only a part of a much broader hack where attackers also bypassed two-factor authentication and got access to what he had believed to be a cold wallet.

Dashjr complained on Twitter about having trouble getting in contact with the FBI about the theft. Some joked about the irony of a Bitcoin maximalist running to the FBI when his coins were stolen.

There are some questions about the veracity of Dashjr's claims, given his supposed security practices, the extent of the breach, and some of his odd comments on Twitter.
