29 Moonbirds worth roughly 750 Ethereum (ETH) ($1.5 million) were stolen from their owner, DigitalOrnithologist, during a phishing attack on Tuesday. The victim lost their NFTs after accessing a phishing link supplied by a fraudster, according to a tweet by @CirrusNFT on Wednesday morning.
29 Moonbirds were just stolen in a hack.
~750e (~$1,500,000) in value lost by clicking on a bad link.
Sickening seeing stuff like this. Let this be a reminder to never ever click on links and to bookmark the marketplaces/trading sites that you use. pic.twitter.com/7iWO5LMovL
— Cirrus (@CirrusNFT) May 25, 2022
Moonbirds is an Ethereum NFT collection of over 10,000 cartoon-style owls PFP’s (pictures for proof). Investors Holders are granted access to the “PROOF community” and given the ability to “nest” their NFT owls to accrue rewards and future benefits.
Phishing is a social engineering type of scam where attackers send potential victims links to malicious sites that appear to be reputable websites for financial transactions. The victim then enters sensitive information into the site or gives the site access to their financial details (wallets, bank details etc.,) and the attacker then steals the victim’s funds.
Twitter user @0xLosingMoney claims to have identified the person behind the phishing attack. The user linked the scam to a user named @DVincent_, who has now deleted his account. @0xLosingMoney posted a screenshot of the account and the site allegedly used by the hacker to steal the 29 Moonbirds NFTs.
🚨Community Scam Alert @p2peers 🚨
➼ I’ve done my best to find out what happened on-chain and retrieved as much info as I can.
Follow along with what I found 🧵👇 pic.twitter.com/lXRw6fgcCl
— Andeh #OnChain (@0xLosingMoney) May 25, 2022
Apparently, @DVincent_ approached the victim, offering to trade the NFTs through the p2peers.io website, which has now been taken down. The victim went to the site and approved the hacker’s wallet, enabling them to steal the victim’s NFTs.
While there are scarce details on how the attack was carried out, it was most likely a malicious connection request. Some phishing attacks work by asking users to connect their wallets and approve a specific function. However, the function that is being approved could be a function that allows an external user to access their wallet and transfer out the contents.
Twitter user @CirrusNFT believes that the victim may have been lured to a fake trading site and tricked into signing a malicious transaction:
“Sounds like the scammer linked the victim to a fake trading site and got him to sign a bad transaction.” @CirrusNFT said in their tweet.
The NFT space has experienced a lot of hacking and phishing attacks over the past few months. In February, the NFT marketplace OpenSea suffered a phishing attack where hackers stole NFTs worth millions. In March, over $615 million worth of ETH was stolen from Axie Infinity’s Ronin Network.
NFT and crypto investors must remain vigilant to protect themselves from future phishing attacks. Links should always be verified, and users should not visit any sites or connect their wallets to them if they have any doubts on their authenticity.