Hackers stole 29 Moonbirds NFTs worth $1.5 million by tricking a user into signing a fraudulent transaction via phishing links.
During a phishing attempt on Tuesday, 29 Moonbirds valued around 750 Ethereum (ETH) ($1.5 million) were stolen from their owner, DigitalOrnithologist. According to a tweet from @CirrusNFT on Wednesday morning, the victim lost their NFTs after clicking on a phishing link provided by a scammer.
Moonbirds is an Ethereum NFT with over 10,000 PFPs of cartoon-style owls (pictures for proof). Investors are given access to the “PROOF community” and are able to “nest” their NFT owls in order to earn prizes and future advantages.
Phishing is a sort of social engineering fraud in which attackers transmit links to malicious websites that look to be legitimate financial transaction sites. The victim then submits sensitive information onto the site or grants the site access to their financial information (wallets, bank accounts, etc. ), and the attacker takes the victim’s cash.
The individual behind the phishing attempt, according to Twitter user @0xLosingMoney, has been identified. A person identified @DVincent_ was connected to the hoax, however he has since deactivated his account. @0xLosingMoney shared a snapshot of the account as well as the website where the hacker allegedly stole the 29 Moonbirds NFTs.
@DVincent_ allegedly contacted the victim and offered to exchange NFTs using the p2peers.io website, which has since been removed. The victim visited the website and accepted the hacker’s wallet, allowing the hacker to take the victim’s NFTs.
While information on how the assault was carried out are scant, it was almost certainly a fraudulent connection request. Users are asked to link their wallets and accept a certain function in some phishing campaigns. The feature that is being allowed, on the other hand, may be one that enables an external user to access their wallet and move the contents out.
According to Twitter user @CirrusNFT, the victim may have been duped into signing a fraudulent transaction after being attracted to a bogus trading site:
@CirrusNFT tweeted, “Sounds like the fraudster connected the victim to a bogus trading site and got him to sign a faulty transaction.”
Over the last several months, the NFT space has been subjected to many hacking and phishing assaults. Hackers stole millions of dollars worth of NFTs from the NFT marketplace OpenSea in February. Axie Infinity’s Ronin Network had almost $615 million worth of ETH stolen in March.
To defend themselves from future phishing assaults, NFT and crypto investors must be watchful. Users should constantly verify links, and if they have any worries about the validity of a site, they should not visit it or connect their wallets to it.