DeFiance Capital founder and crypto investor Arthur Ox was the victim of a phishing attack. Bad actors managed to compromise Ox’s hot wallet and took control of over $1.5 million in non-fungible tokens (NFTs).
The attackers moved the stolen assets to NFT marketplace OpenSea. Part of the popular Azuki collection, the NFTs were priced in thousands of dollars on the platform.
Via his Twitter account, Ox reported on the hack and on new developments as he investigated potential points of failure. He said:
Was pretty careful and stuck with only using hardware wallet on PC until I start trading NFT more regularly. Hot wallet on mobile phone is indeed not safe enough.
Ox discovered the attackers compromised as many as two of his private keys, which are used to access the funds and sign transactions. The DeFiance Capital founder asked for the following Ethereum address to be blacklisted: 0xe47E8cD58c8E95F765e642d7dCB898f622ceFA83. The crypto investor added:
Found the likely root cause of the exploit, it's a targeted social engineering attack. Received a spear-phishing email that appeared to have really been sent by one of our portcos, with content that looked like general industry-related content.
In that sense, Ox believes attackers could attempt to target other crypto founders with a similar approach. The bad actors managed to send him a message that appeared genuine and to come from “two seemingly legitimate sources”.
The attack vector could have originated from the document sent to Ox, and from two images attached to the email. The DeFiance Capital founder warned other users, and said “none of the anti-viruses picked up this file as malicious”. Ox added the following to his alert:
Have strong evidence to believe this is the same group of hackers that exploited BZX, Hugh, MGNR and myself. The infamous Lazarus group.
Lazarus Group Targeting Crypto Investors?
According to a pseudonymous user, the file shared by Ox matches a strategy used by the Lazarus Group. The bad actors have often used a document hinting at a stablecoin pitch as a lure, with a fake Azure Information Protection label from Microsoft.
The latter requires the user to enable content editing which could potentially open the door for the phishing attack or exploit.
Looks like some potential #LazarusGroup? Seems to fit their crypto interests and the same #Azure lure prev-used
Rapid Change of Stablecoin (Protected).docx
9be0075b9344590b3cabf61c194db180
secure.azureword[.]com/k6q3afrxddx/yoibgjjd7e/evuethwpcj/cn65qhpls2/
@t0001100000 @h2jazi pic.twitter.com/XKpQuzkJBm
— Gage (@Circuitous__) September 10, 2021
Supposedly based in North Korea, the Lazarus Group has been one of the most prolific black hat organizations. Active since 2009, the group uses different strategies to target their victims, steal their information or take over the victim’s computer.
The group has been known for targeting financial institutions, casinos, software developers, and others. Several reports claimed the bad actors have stolen almost $1 billion in cryptocurrencies and digital assets.
At the time of writing, the crypto total market cap stands at $1.89 trillion with minor gains on the 4-hour chart.
Source: https://bitcoinist.com/crypto-investor-lost-millions-amid-phishing-attack/