Amid several NFT scams and phishing attacks, leading NFT project Azuki fell victim to a Twitter hack resulting in a loss of more than $750,000 worth of USD Coin (USDC). The abrupt attack and the money drain all happened within 30 minutes.
This was another grim day for the NFT community, with lots of attacks on many top founders and projects happening one after the other.
How Did The Azuki Twitter Hack Happen?
On January 27, the official Twitter account of NFT innovators Azuki was hijacked. Emily Rose, the project community manager, confirmed the news on Twitter minutes after the hack happened. In the tweet, she warned users not to engage with or click on any of the malicious links posted on the account. The malicious tweet sent out a link asking followers to “claim land” in Azuki’s native “The Garden” metaverse.
The hacked tweets were soon deleted from the account, but managers still warned against clicking any malicious links. All the damage control, however, seemed to be in vain, because by that time Azuki saw a wallet drain of more than 11 NFTs, $750,000 USDC, and an added 3.9 ETH.
The link prompted users to sign a ‘drainer’ contract, duping them into losing control of their wallets and transferring NFTs to the hacker.
Hoshiboy, the project founder, also confirmed the hack and explained that he is now in talks with Twitter to resolve the situation. Moreover, the 750K USD drain was executed from one account. Azuki's Twitter account also said that the account is fully protected by two-factor authentication.
In the thread, while alerting followers to the hack, the account also said that the project always sends out its official releases through ALL of its social media platforms simultaneously – Discord, Twitter, and the official Azuki website.
Who Is Behind The Azuki Hack?
Crypto detective @ZachXBT alleges that the attack is one of a series of drains by a hacker known only by the name Lock. According to the crypto sleuth, Lock is believed to be the same hacker who is responsible for recently compromising the Twitter accounts of AKCB, Mutant Hounds, and Chimpers.
Moreover, some people think that all of these might be inside jobs from Twitter itself. Harry Denley from MetaMask Security Research also discovered the scam early, which resulted in a forced domain block on the platform. He alleges that the hack might have taken place for one of three major reasons:
- Maybe there was a password/cookie compromise.
- Maybe Twitter’s ‘god mode’ – a program that lets the Twitter staff tweet from any account.
- Maybe it was a malicious OAuth app.
However, he alleges that a password or cookie compromise was the most likely scenario in this case. Phantom Wallet also blocked the domain on their platform moments later.
This appears to be a strange time in crypto. The small but considerable bull run is still steady. Yet a series of phishing attacks and hacks is happening almost daily. Additionally, there is a general lack of security on the Twitter platform.