Arthur 0x, the founder of large crypto investment firm DeFiance Capital, had one of his hot wallets hacked, losing more than $1.6 million in nonfungible tokens (NFTs) and bitcoin.
As he begged others to blacklist the hacker’s wallet, the crypto community rallied to his aid. They offered to help him recover the stolen stuff. Several people on Twitter have tried to figure out how the attack happened and how the hacker got access to the hacker’s wallets.
“Cirrus,” a member of the NFT community, went so far as to purchase two of the stolen Azuki NFTs. And return them to Arthur at no cost. On Tuesday, Cirrus stated:
“I discovered they had been hacked, and instead of selling them for profit like the other people who had obtained some of his, I opted to sell them back to him at the cost to assist him.”
This “isn’t the first time” this has occurred to Cirrus, he noted. “I could easily go sell them for a profit of 6-8 Ether (ETH), but it simply isn’t right,” he added. His profile says he’s been a victim of rug pulls three times, thus his feelings are likely directed toward his fellow victim.
Hot wallet on mobile phone is indeed not safe enough
When crypto or NFT project shuts down unexpectedly, the value of its token or NFT plummets. Rug pulls, in the vast majority of cases, are proof of a con.
Arthur appears to have misplaced a total of 78 different NFTs from five different collections. The majority of which are “Azukis”. He also lost 1,578 LooksRare (LOOKS) tokens, 68 wrapped Ether (wETH). As well as 4,349 staked DYDX (stkDYDX), and 68 wrapped Ether (wETH) tokens. At around 12:30 a.m. UTC, the hacker started shifting assets and subsequently put all of the NFTs up for auction on the OpenSea NFT marketplace. The hacker’s wallet contained 545 ETH, which was valued at around $1.6 million at the time of writing.
Because even persons in the top echelons of the sector can be attacked, this breach emphasises the significance of operational security when dealing with crypto asset self-custody. In Arthur’s situation, he’s perplexed as to how this happened to him, writing on Twitter, “Hot wallet on the mobile phone is indeed not safe enough.”
The security breach caused by an on-chain transaction
Arthur may not have been safe from this attack even if he had used a hardware wallet, often known as a cold wallet. A hardware wallet isn’t always linked to the network, unlike a hot wallet. This feature protects a user’s private key and seed phrase from unauthorised access. Arthur, on the other hand, believes the security breach caused by an on-chain transaction. Which may have also compromised the seed phrase or private key from a hardware wallet.
Scams involving NFTs and cryptocurrencies are always a risk, thus investors should use their funds with extreme caution. Serial scammers create projects to take advantage of the NFT community, pull the rug out from under them, and move on to the next scam. Cirrus made the following observation:
“Hackers are rushing to capitalise on this gold rush. And they’re doing everything they can to find new ways to do it.”
In light of his dissatisfaction and annoyance about the intrusion, Arthur sent a tweet to the hacker, saying, “The only thing I can say to the hacker is: you’re messing with the wrong person.”