The perpetrators of a sophisticated hack have stolen more than 60 NFTs from noted collector Arthur Cheong, the founder of DeFiance Capital. Works from the valuable CloneX and Azuki collections were among those lost to the attackers.
“Received a spear-phishing email that really seems to be sent by one of our portco with content that seems like general industry-relevant content,” Cheong tweeted on March 22, referring to a portfolio company. “Was being careless on this one since it comes from 2 seemingly legitimate sources.”
Cheong fired back by publicly posting the hacker’s wallet address so that it could be blacklisted. However, many of the tokens have already been sold to unsuspecting collectors.
DeFiance Capital is a leading investor in the web3 space, having backed top protocols including Aave, dYdX, and Lido, and major networks such as Solana, Terra, and Avalanche. It also supports blockchain gaming and metaverse projects.
Cheong, a longtime crypto investor, said that the file looked like a normal PDF document after he opened it. His antivirus software failed to identify the files as malicious. According to blockchain security firm PeckShield, the stolen tokens were sold for a whopping 233 Wrapped Ether (roughly $700,000). Fortune magazine estimated the looted NFTs to be worth $1.7M.
The exploit comes at a time when attacks on crypto projects are becoming increasingly complex. Earlier this year, a copyright fraud case emerged in which perpetrators tricked unsuspecting would-be entrepreneurs into launching an NFT platform for the popular manga Naruto.
In this instance it was a well-tested scam at work: phishing. That’s when hackers forward a malicious link or file that, once opened, allows them to take control of their victim’s computer, accounts, or wallet.
In Cheong’s case, the attacker disguised the malicious file to appear as though he’d received a Word document from a company in DeFiance Capital’s portfolio. Cheong says he was careful with his security practices and used a hardware wallet tied to a PC until recently becoming a more active NFT trader. “Hot wallet on mobile phone is indeed not safe enough,” he added.
It didn’t matter. Cheong tweeted that the thieves also accessed a second hot wallet on his PC that was not connected to a hardware wallet. The two affected wallets do not share the same seed phrases. The incident serves as a warning to all crypto users to maintain robust security practices.
Cheong told The Defiant that he lost “60+ NFTs” in the attack. Among the most valuable were tokens from CloneX and Azuki, the fifth and eighth most valuable NFT collections with respective floor prices of 14.3 ETH and 12.36 ETH, as well as tokens from Hedgies, which currently has a floor price of 0.64 ETH.
The investor has since requested that any buyers of the stolen NFTs hold on to the tokens. “I will contact you all when I get my stuff sorted,” he added.
Cheong also commented that he has reasons to believe that the incident was part of a broader “organized” campaign targeting “big name” players in the crypto ecosystem with fake Docx files, including trading firm Mgnr, lending protocol bZx, and Nexus Mutual founder Hugh Karp.
The rise of decentralized finance has also ushered in an increase in cryptocurrency thefts. Blockchain forensics firm Chainalysis estimates that $3.2B was lost to cryptocurrency thefts in 2021, an annual increase of 516%. The firm estimates that 72% of the funds stolen by hackers were taken from DeFi protocols.
“DeFi is one of the most exciting areas of the wider cryptocurrency ecosystem, presenting huge opportunities to entrepreneurs and cryptocurrency users alike,” Chainalysis wrote in its 2021 Crypto Crime report. “But DeFi is unlikely to realize its full potential if the same decentralization that makes it so dynamic also allows for widespread scamming and theft.”
Note: DeFiance Capital is an investor in The Defiant.