Over the weekend, a hacker gained unauthorized access to the X account of Ethereum co-founder Vitalik Buterin, using it to post a malicious link to his 4.9 million followers, draining approximately $691,000.
The disguised post posed as a free commemorative non-fungible token (NFT) offer from software company ConsenSys. Individuals who clicked on the link and connected their digital wallets with the intention of minting an NFT found their funds drained by the attacker.
Phishing is a growing cybersecurity threat within the digital collectibles space, while seemingly capitalizing off the ignorance and excitement of users on X, for the sole purpose of convincing users that the link or post they are clicking on is legitimate so they can steal personally identifiable information – in this case, access to a crypto and NFT wallet.
Last year, $3.8 billion was stolen in phishing attacks, with hacking groups like The Lazarus Group responsible for most of them.
While the exact number of victims from this attack is unknown at this time, blockchain investigator ZachXBT revealed on X that the hacker managed to steal approximately $691,000. The irony, however, is that following the attack, the hacker sent Buterin an NFT named “Vitalik.”.
Dmitriy Buterin, Vitalik’s father, shared a warning post to users, alerting them to the hijacking of Vitalik’s wallet.
The breach of Buterin’s X account is a stark reminder of the importance of online safety and security precautions when it comes to potential “phishing links” especially when it comes from highly influential accounts, that are commonly targeted for these attacks.
Always exercise caution when connecting your wallet or signing any transactions in the web3 space, as vulnerabilities can expose you to malicious actors. SIM swapping attacks are also surging and it’s crucial to stay informed; read our short guide on SIM swap attacks to ensure your digital assets remain protected.
Editor’s note: This article was written by an nft now staff member in collaboration with OpenAI’s GPT-3.