At least 35 non-fungible tokens (NFTs) were stolen in a major Twitter Inc . (NYSE: NYSE:TWTR) phishing-propagated hack on their holders.
What Happened: The NFTs in question were stolen by promoting a website that exploited vulnerabilities in user's web browsers to send a transaction with their non-fungible tokens to the attacker without them prompting for it to happen, according to a Wednesday report in The Block Crypto.
Data shared with the crypto news outlet by blockchain analysis firm Elliptic shows that NFTs stolen in the attack were worth at least $900,000 and included tokens from the Bored Ape, Mutant Ape and Bored Ape Kennel Club collections.
The attackers distributed their malicious payload through a fake Apecoin (CRYPTO: APE) airdrop website that was promoted through multiple verified Twitter accounts that were compromised — some of which had over 50,000 followers.
Blockchain analysis and cybersecurity firm AnChain.ai severely criticized Twitter's response, noting that “the fact that hacked verified accounts are not triggering Twitter’s spam detection when using a script to push out multiple tweets per second is absurd.”
Aaron Cadena, the co-founder of NFT-themed cannabis vaping company Gutter Bars, wrote that "the tweet looked strange, but this is someone that I had actually followed [previously] so I didn’t overthink it ... I clicked the link in the tweet and was immediately prompted to connect my wallet, which I did not do."
He explained that "after clicking cancel, the prompt kept popping up over and over again. I clicked cancel a few more times, then caught onto what was happening and tried leaving the site but my screen was locked. I ended up having to just force quit the browser, but then I got a notification that two assets were transferred from my wallet and it felt like a punch in the gut ..."
Hacks such as these are a reminder that — despite blockchains such as Ethereum's (CRYPTO: ETH) being exceptionally secure when compared to traditional server infrastructure — users and their local software that can interact with that blockchain is usually much easier to compromise for a skilled attacker.
One important step for protecting your cryptocurrencies is to keep your private keys away from your internet-connected devices that can easily be hacked such as computers and mobile devices through the use of hardware wallets.
© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.