...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
Stolen NFTs included 74 Otherdeeds (floor price ~$2,700 each), 3 Porsche NFTs (floor ~$3,100), 57 Beanz (floor ~$2,600), 12 Doodles (floor ~$10,600), 2 Mutant Apes (floor ~$24,300), and 49 Pudgy Penguins (floor ~$9,200) to the attacker. Altogether, those stolen NFTs could fetch almost ~$1 million if sold at floor price.
One single wallet transferred 750,000 of the USDC stablecoin to the attacker, resulting in a particularly brutal loss for one individual.
The thief also stole an Autoglyph NFT, which rarely change hands, but which have most recently sold for around 200 ETH ($312,000). Rose had been offering his Autoglyph for sale for 345 ETH ($539,000), but had yet to find a buyer.
Fortunately for Rose, the hacker was apparently unable to steal a CryptoPunk NFT he owned that resembles a zombie. The rare zombie variant of the already pricey NFT have fetched millions — albeit in periods of stronger interest in NFTs.
According to NFT GOD, not only did the hackers drain his crypto wallet of his NFTs and crypto, including his beloved Mutant Ape, but they also hijacked his accounts to send out phishing links to his substantial followers.
The person who purchased the stolen ape (for 16.65 ETH, ~$25,800) said he was willing to sell the ape back to NFT GOD for the same price they paid for it, which seemed to be taken as good news by NFT GOD.
Security firm SlowMist attributed the attack to a token that had been replaced with a new version, but whose original version remained active on the platform. The attacker was able to mint and redeem tokens in the old market, while borrowing against them in the new one, ultimately making off with the majority of the assets on the platform.
The thief quickly flipped all of the NFTs for around 417 ETH ($525,000). It's unclear if one of the CryptoPunks was stolen, as it was transferred to a wallet to whom CryptoNovo has previously made transfers, but that NFT too was sold for 75 ETH ($94,200).
The thief made a pretty penny, but the loss to CryptoNovo is more substantial based on how much money they spent on the NFTs. They had purchased the Bored Ape in August 2021 for 30 ETH (then around $100,000), and CryptoPunk #4608 in September 2021 for 290 ETH (then $850,000).
The attack appears to have been phishing-related.
Magic Eden acknowledged the issue in a tweet, asking users to contact their support if they had bought any of the fake NFTs. Various users on Twitter had reported buying the spoofed NFTs, paying 20–50 SOL ($266–$666) for fake NFTs that appeared as though they were a part of a verified collection that usually sold for around 165 SOL ($2,200).
Clicking in to the NFT details showed that they were a part of a different collection that was not verified, but they appeared in listings among the verified NFTs, and were in some cases quickly purchased by collectors who thought they were taking advantage of a seller's mistake in listing the NFT.
The sudden sale of such a large number GMX tokens (which are comparatively illiquid compared to much larger cryptocurrencies like Ethereum) caused the price to suddenly drop from ~$41.50 to ~$38 per token, though the token price recovered fairly quickly. GMX is the native token for the defi exchange of the same name.
"What the fuck is happening, why my 5 years old kid watching porn JPEGs on [Magic Eden's] website" tweeted one shocked user.
The issue was resolved fairly quickly, although some visitors continued to see the unsavory images for a while longer due to browser caching.
Gopalani tweeted that "I was hacked by a clever Phisher (same phone # as apple ID) & sold all my clone x / some other nfts... Obviously pretty upset and hurt by this and I havent really been able to move all day." He didn't provide further details, but a tweet by RTFKT CTO Samuel Cardillo suggested that Gopalani may have provided passwords or private keys to a phisher.
Dashjr complained on Twitter about having trouble getting in contact with the FBI about the theft. Some joked about the irony of a Bitcoin maximalist running to the FBI when his coins were stolen.
There are some questions about the veracity of Dashjr's claims, given his supposed security practices, the extent of the breach, and some of his odd comments on Twitter.
No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.
