NFT Collector Loses $1.4 Million Through Phishing Attack

Blockchain researchers have observed that a crypto collector recently lost $1.4 million worth of NFTs stolen by a hacker through a phishing scam. The hackers lured the collector through a phishing website, getting the victim to approve the items before stealing them. The stolen collection included 29 pieces of BFTs from the Moonbirds collection, with a floor price of 24 ETH (about $48,000).

The Attackers Succeeded After Failing In The First Attempt

According to the victim, the hacker used the phishing site to set up a contract designed to un-nest all his Moonbirds and take all of them n a single swoop. The victim said although the transaction failed initially, it later went through, causing him to lose all the NFTs.

The victim, Keith, said he’s an oncologist and a father of three children. He claimed the attacker took all the money he has accrued for the past 38 years, stealing it within minutes.

Keith said he sent a message to the hacker, asking them to return the stolen collection. He also told the hacker to keep one of the NFTs as compensation, promising them that the FBI will not be notified if the NFTs are returned on time.

“Please return the stolen moonbirds to the original owner. Keep 1 for compensation,” his message sent to the hacker reads.

The Increasing Menace Of Phishing Scams

Phishing scams are growing in the NFT space. They are increasingly becoming very lucrative for threat actors since a single click can lead to the transfer of millions without no way of recovering or revoking the order.

According to cybersecurity researcher, Tal Berry, who has investigated the hacking incident, the attack was not clear-cut like some other phishing attacks. Like Keith, he also revealed that the first attempt by the hacker was not successful, but the transfer went through on the second trial. Berry stated that the threat actors wanted to use a stealthier approach by using a smart contract in the transaction to sign the victim. However, they were unsuccessful in their operation. This prompted them to change their ‘regular’ address before resigning and successfully stealing the funds.