Arthur, a crypto investor and founder of the crypto venture fund, DeFiance Capital is the latest to fall victim to an NFT scam. Apparently, the hacker gained access to Arthur’s wallet via a “targeted social engineering attack”. Their wallet contained several Azuki NFTs, all of which, unfortunately, have now been sold for cheap.
“Well this hit me hard,” Arthur tweeted today. “But if I got exploited as a fairly sophisticated 5 years crypto user (DeFi user, password manager, mostly hardware wallet)…I’m not sure how I can persuade most normal people to put a substantial part of their networth onchain anymore.”
NFT scam: What happened?
According to Arthur, the likely cause of the attack is a phishing mail they received a few weeks back.
“Found out the likely root cause for the exploit, it’s a targeted social engineering attack,” Arthur tweeted. He added that he received a “spear-phishing email”, seemingly from one of their portfolio companies. Furthermore, the e-mail content seemed to be “general industry-relevant content.”
In addition, two “seemingly legitimate sources” sent the email. In the image Arthur shared on Twitter, the email had a .docx file attached, titled “A huge risk of stablecoin’. When Arthur opened the file, an image stating, “Azure Information Protection” popped up. Unfortunately, the anti-virus software on the system did not recognise the file as malware.
Then, an unsuspecting Arthur opened the file on their computer, leading the hacker to access two hot wallets on the PC. Eventually, the hacker drained the NFTs from Arthur’s compromised wallets.
Amid the increasing number of NFT scams, one can never be too careful. After all, fraudsters are becoming cleverer and more notorious by the day. Last month, in an NFT scam, NFT collectors received fake invitations from the ‘NFL commissioner’ to use their NFTs in the Super Bowl halftime commercial.