NFT artist DeeKay Kwon had his Twitter account hacked at the end of last week by scammers who managed to steal NFTs valued at $150,000 from his followers.
DeeKay Kwon, who is an acclaimed digital artist and animator, described in a series of tweets how the hacker had posted a link to what claimed to be an exclusive new NFT collection from Kwon:
"The LetsWalk Collection Airdrop is now live! Only 1,000 lucky people are able to claim! Good luck!"
Some of DeeKay's almost 180,000 followers clicked on the link and were taken to a bogus version of the artist's genuine website, and in their rush to claim their NFTs approved transactions that raided their wallets.
In total, NFTs valued at $150,000 are thought to have been stolen from victims' wallets.
One victim, who according to his Twitter profile claims to be a former engineer at Coinbase, said that he fell for the attack, and had seven NFTs stolen from him.
DeeKay says that they "usually" have two-factor authentication (2FA) enabled on their social media accounts, and that their "guess is that 2FA was off for that specific time and was hacked."
Of course, even if that was accurate, it doesn't entirely explain how the artist's password would have fallen into the hands of the hacker. Could it be that the artist was phished themselves, or has made the mistake of using the same password elsewhere on the net? And why on earth would someone disable 2FA?
DeeKay tweeted that they hoped to find some way to compensate those who had been affected by the attack, but that things are complicated by "since [a] few are pretending to be affected and looking for opportunities."
Clearly everyone needs to be cautious when trusting links shared on social media, and exercise great care before taking any actions which might reveal personal information or unwittingly transfer assets to an unauthorised party.
DeeKay, it appears is putting his faith in karma that the hacker will eventually get their just desserts:
I truly believe in Karma. If you are good, then you'll have fortune. If you are evil, you'll pay the price one way or another. Dear hacker, Karma is on your way.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024