Digital artist Mike Winkleman, better known as Beeple, has become the latest victim of a phishing attack after his Twitter account was hacked.
Beeple’s Twitter account hacked
The hacker exploited Beeple’s Twitter account to send phishing links to fake NFT collections with the promise of a surprise, free mint for unique NFTs. Over 200 Ethereum (ETH) was stolen, worth about $400,000.
Beeple is best known for his NFT collage, known as Everydays: The First 5,000 Days, pictured above.
The account has subsequently been secured and Beeple has offered an update on the matter, saying that there would never be a surprise mint, a tactic that scammers often use.
Initially, it was reported that 36 ETH had been stolen, worth around $72,000. Then PeckShield Alert pointed out that the scammers had actually laundered 199 ETH via the mixing service, Tornado Cash. The latter is a very popular tool among hackers and scammers, as it makes it difficult to trace transactions.
This type of scam is very common in the crypto market, trapping new investors. In this case, victims were led to a website that claimed to be a raffle of Beeple’s Louis Vuitton collection.
Harry Denley, a Security Analyst at MetaMask, said that an account takeover was likely “as Twitter is reporting the tweet source is the Twitter Web App and not some API integration.” It is not clear how the account takeover itself happened.
In total, the attacker stole roughly $438,000 in two scams. The first saw 36 ETH stolen, and the second 62.35 ETH, 37.59 WETH, and 45 NFTs. The scam was active for about five hours.
NFT scams are rife
There is no shortage of scams in the NFT market. Phishing attacks have become the preferred way for bad actors to operate. These links usually say something to the effect of offering minting bonuses. Once clicked, assets are drained from users’ wallets.
The attacks have infiltrated every social media platform. Discord, Telegram, Twitter, YouTube, and Instagram have all been affected at some point, and targets include Bored Ape Yacht Club (BAYC) and OpenSea.
It is becoming even more important to protect investors, as NFTs are becoming more of a mainstream phenomenon. Instagram will support NFTs from multiple blockchains, and this could make it a ripe target for bad actors.