On Friday afternoon, a cybercriminal briefly took over the official Azuki Twitter account leaving several users counting losses. Within 30 minutes, USDC worth $700,000, 3.8 ETH, and about 12 NFTs got stolen via a malicious link posing as the famous NFT project’s land mint.
Little did some Azuki community members realize the mint wasn’t legit. The attacker used the link to direct the unsuspecting members to a ‘drainer’ contract that deceived them into approving a transaction that saw assets in their wallets swiped.
According to Etherscan data revealed by WalletGuard, a Web3 security company, the $700,000 in USDC was sent to the hacker by just one Azuki member. The firm reported that the transaction might have been accidental. However, the Azuki member is yet to confirm the report.
Crypto Players Who Noticed Azuki Account was Comprised
Several NFT traders were quick to realize that the Azuki account was under attack following the suspicious tweets, which referred to the fake mint as a ‘surprise’. Within two hours, Azuki’s Twitter account disappeared from the app, and when it later came up, all the misleading tweets were gone.
Emily Rose, Azuki’s Community Manager, took to her Twitter handle to confirm that, indeed, Azuki’s account was compromised. Meanwhile, Harry Denly, MetaMask Security Head, said he noticed the fake mint almost immediately, and the wallet blocked the scam website.
Furthermore, the Phantom wallet also identified the malicious domain and marked it as unsafe. The Solana-based wallet advised its users not to connect their wallets to the website. Recently, Phantom reported that it had managed to scan over 70,000 transactions and blocked about 17,000 malicious transactions.
Previous Attack on Azuki NFT Project
Friday’s attack on the Azuki NFT collection is not the first one. Last April, a group of hacked verified Twitter accounts with profile pictures of Azuki posing as the actual creators of the NFT project started to promote airdrop scams which left several NFT fans counting losses.
At that time, the fraudsters would tweet out links with a promise of an exclusive airdrop of Beanz, an NFT drop distributed for free in February 2022 only to Azuki NFT holders. The scammers asked the victims to click the links to claim the beanz; as a result, they were prompted to connect their wallets.