Key Takeaways
- Over $750,000 worth of USDC, 11 NFTs, and over 3.9 ETH were drained through these links.
- The account tweeted several malicious links, urging followers to “claim land” in The Garden.
On 27th January Friday, popular NFT Project-Azuki’s Twitter account was hacked, leading to a massive exploit of funds. The account tweeted several malicious links, urging followers to “claim land” in The Garden, the collection’s native metaverse platform. The link sent unsuspecting users to a “drainer” contract that duped them into signing a transaction that swiped assets from their wallets to that of the attackers’.
According to Etherscan data, in less than 30 minutes, over $750,000 worth of USDC, 11 NFTs, and over 3.9 ETH were drained through these links. Reportedly, one user who fell for the hack inadvertently ended up sending over $750,000 worth of USDC to the attacker’s wallet.
Soon after the tweets were posted, Azuki Community Manager Rose quickly confirmed that the account had been hacked while also warning users not to click any links from Azuki’s Twitter account. Several hours later, after gaining access to the account. Azuki tweeted, urging users to “go out on several channels” to confirm announcements.
“Our investigation into the Twitter breach is ongoing. We take security seriously, and the Twitter account was secured using a 2FA Authentication app.” Following the hack, the Phantom wallet team marked the malicious domains as unsafe while alerting users to stay safe.
MetaMask security researcher Harry Denley was quick to notice the scam and immediately blocked the compromised domain.
“Azuki Twitter account takeover – the offending tweet was tweeted on the Twitter web app on a mobile device MetaMask will soon block the domain when the cache clears.”
NFT projects social media accounts getting hacked have been an increasingly common phenomenon in recent months. Just two days prior to Azuki’s account hack, Robinhood’s Twitter account was compromised. The hacker posted a scam tweet urging Robinhood’s followers to each pay $0.0005 for a token called “RBH” on the BNB Smart Chain.
The latest incident is not the first Azuki is getting subjected to Twitter scams. In April 2022, hackers compromised India’s University Grants Commission [UGC] ‘s Twitter handle. The scammers then flood the account with a secret airdrop of Beanz, an NFT drop that was given out to existing Azuki NFT holders.