Arthur Cheong, the founder of DeFi and DeFiance Capital, a web3-focused venture capital firm, was hit by a hack today, losing more than $1.6 million in non-fungible tokens (NFTs). Cheong’s Ethereum wallet was hacked, and the hacker began extracting NFTs.
On Tuesday, Cheong confirmed this in a tweet.
He wrote, “I’m not sure what happened.” “I’ll have to think about it for a while.” This was not something I expected to happen to me as well. I’m assuming there will be no more usage of hot wallets.”
17 Azuki, 5 CloneX, 2 Hedgies, and 33 Second Self were taken, according to PeckShield, a security and analytics firm. The hacker stole all of these well-known NFT collections, which he then sold on marketplaces like OpenSea. 68 wrapped Ethereum (wETH), 4,349 staked DYDX (stkDYDX), and 1,578 LooksRare (LOOKS) tokens were also sent by the hacker.
The hacker’s wallet now has 585 ETH ($1.76 million), which may be traced back to Cheong’s wallet. According to Cheong, the number might become much higher since the hacker seems to be in the middle of transferring funds.
The hacker used a’spear phishing’ email to install malware on his device, extracting the seed phrase for his crypto wallet, according to DeFiance’s developer. He also sent a picture of the email.
“I’ve found the most likely cause of the vulnerability; it’s a targeted social engineering attack,” Cheong stated on Twitter. I received a spear-phishing email that looks to have been sent by one of our portcos and includes industry-related information.”
“You dealt with the wrong man,” Cheong advised, as the hacker took on one of the industry’s most powerful figures.
As he asked that individuals block the hacker’s wallet, the crypto community came to his aid, supporting him in regaining the stolen goods. Many people on Twitter have been trying to figure out how the incident occurred and how the hacker got access to the victims’ wallets.
A member of the NFT community named “Cirrus” went so far as to buy two of the stolen Azuki NFTs and return them to Arthur at his cost. “I realized they were hacked, and instead of benefitting from them like the other individuals who got their hands on some of his,” Cirrus stated, “I chose to sell them back to him at a loss to help him.”
This event highlights the need of operational security when dealing with crypto asset self-custody, since even the industry’s highest-ranking personnel might be attacked.
This isn’t the first time that high-profile investors’ valuable NFTs have been taken by hackers. Kramer, a New York-based NFT collector, claimed in January 2022 that his wallet had been hacked and that $2.2 million worth of Bored Apes and Mutant Apes had been stolen.