When social media accounts of big brands or NFT projects get hacked, all hell will break loose. That became apparent yesterday when the Azuki NFT account was compromised. Culprits tried to redirect users to a scam domain stealing user wallet contents.
Azuki Twitter Account Compromised
It is uncanny how many social media accounts get hacked even in 2023. In many cases, it is due to poor security practices by the person or team in charge of the account. Even so, the outcome is often the same. Followers get tricked into visiting a scam website and they will lose data or money. Targeting the Twitter account of the Azuki NFT collection is an excellent way to bring tremendous attention to phishing websites, and many people still fall for them.
The hacked account claimed users could claim virtual land plots tied to the Azuki collection. While the creators can explore such opportunities in the future, the claim was obviously fake. Moreover, it directed users to a peculiar domain registered a few days before the hack. The modus operandi is identical to a hack affecting the “A Kid Called Beast” NFT collection a few days ago.
It is equally problematic how the scam was allowed to go on for a while. Twitter could have suspended the account much quicker. In addition, one must wonder why it was compromised in the first place. Whether a legitimate hack or negligence by the people in charge, it is not OK to click random links on the internet. In addition, users who saw the tweet should use common sense and acknowledge something wasn’t right.
The address involved in the scam website – which received stolen ETH and NFTs – still holds over 2.39 ETH today. In addition, it holds NFTs belonging to Porsche 911 (1), Mutant Ape Yacht Club (2), Pudgy Penguins (49), Bored Y00ts Ape Club (3), Wiiides (43), and Beanz (56). In addition, they moved several NFTs – Doodles and Porsche – to Blur, Willock.eth, and various other addresses in recent hours. The tally will likely rise higher as the latest transaction was just over half an hour ago (at the time of writing). OKHotShot shared how the address also received several dozen OtherDeeds NFTs, and held 12 Doodles at one point.
Twitter Account Restored (For Now)
Thankfully, the Azuki team regained control of the Twitter account after a few hours. Even though their account was allegedly secured by two-factor authentication, the culprit succeeded in bypassing that security. How that may have happened remains unclear, although more details may be provided in the future. Moreover, it remains uncertain what will happen to the stolen NFTs. They will likely never be returned, and they may remain tainted forever.
1/ The @AzukiOfficial Twitter was compromised today. A series of malicious tweets were posted during the morning of Friday, Jan 27th (Pacific Time).
The team has regained control of the @AzukiOfficial Twitter.
Details below 👇
— Azuki (@AzukiOfficial) January 27, 2023
It is also interesting to see the scam involving the Azuki Twitter account used Blur to unload the stolen NFTs. OpenSea has a policy for stolen items – although it isn’t enforced too well – which forces criminals to opt for other marketplaces. Blur is seemingly behind the curve on that front, although that will hopefully change.
None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.