Cointime

Download App
iOS & Android

NFT God Hack: How Did it Happen and How You Could Protect Yourself

Validated Project

Time flies, and we have arrived in 2023. It has already been a year since the crypto market went bear. The NFT market was pretty dead last year, with trading volume plummeting by 99%. Even the so-called blue-chip projects had a tough time and went into silence mode. But they had already built strong brands, IPs, and images during the hype season, and now they’re figuring out how to move forward.

On the other hand, NFT holders have struggles, too, as trading NFTs are no longer profitable now that the hype has died down. Some have been able to build up their profile and make money off their fame in the space, especially those who have made a ton of money from their NFT investments, either through strategies or sheer luck.

We’re constantly surrounded by internet scams, cyberattacks, and threats, especially when people let their guard down. This is what happened with the NFT influencer whose entire crypto wallet was drained by malware, bringing security awareness back into the spotlight.

Entire Crypto Wallet? For Real?!

The pseudo-anonymous influencers known as “NFT God” tweeted about how his digital livelihood was attacked on January 14, including his crypto wallet and multiple online accounts.

The tragedy went down this way: he accidentally clicked on a Google Ads link for some open-source video streaming software he was looking for, and it ended up downloading malware onto his computer. Instead of going to the official website, he clicked on a sponsored ad. Hours later, a series of phishing tweets were posted by attackers on two of his Twitter accounts. He realized he’d downloaded the wrong software.

The nightmare didn’t end there. NFT God returned home and got a notification that his crypto wallet had been hacked. The day after, his Substack account sent out phishing emails to all 16,000 of his followers.

Blockchain data reveals that around 19 Ether, including a Mutant Ape Yacht Club (MAYC) NFT, was stolen from his wallet. The attacker shuffled the ETH through several wallets and then sent it off to FixedFlat, a decentralized exchange, to then swap it for some other crypto.

The mistake that led to the wallet hack was when he set up his hardware wallet as a hot wallet by entering its seed phrase in a way that left it exposed online, and that’s how the hackers got their hands on his crypto and NFTs.

A small slip-up in the setup process resulted in a huge disaster, and here we would like to remind you again how we should keep our funds safe.

Can you protect yourself from hacks?

No matter how much NFTs go down in price, some hold a lot of sentimental value. It’s not just about avoiding financial losses but also protecting the memories and experiences that come with your collection.

Unlike phone scams, NFT scams and phishing links are way easier for scammers to set up. It’s like they’re laying out traps on the web, just waiting for someone to fall for them, like what happened in this case.

KOLs, even as famous and influential as NFT God, can still get into trouble and lose their assets due to security blunders. This case just goes to show that even the most famous KOLs aren’t invincible to careless mistakes, just like everyone else.

You can keep your assets safe if you’re careful in your Web3 journey. The top 2 advice: don’t click on sketchy links. Also, keep your seed phrase to yourself and in a safe place.

How should a cold wallet be used?

Firstly, what is a cold wallet?

A cold wallet is a form of cryptocurrency storage that operates entirely offline. Cold wallets are designed to keep private keys and other valuable pieces of data on an offline device, such as a USB drive or specialized hardware wallet. Using a cold wallet, users can keep their digital currencies safely secured against theft and losses due to computer viruses or hackers. The most significant advantage of using a cold wallet is that information can’t be digitally stolen from an offline source — providing extreme security for your crypto assets.

In the use of a cold wallet, when a new wallet is created with the cold wallet device, the private key and seed phrases remain in the offline environment, where they won’t be exposed to online conditions. As NFT God set up his hardware wallet as a hot wallet by entering the seed phrases, the credentials are no longer “cold” as they are operated online.

The cold wallet might be less convenient to use than a hot wallet. Still, it’s much safer as it is hard for attackers to steal seed phrases or private keys if they never appeared in the online environment. Thus, storing digital assets and currencies not regularly used in the cold wallet is a viable option.

How to prevent phishing links and malware?

There are several ways to prevent phishing links and malware.

  1. Look for official links for websites and software. The case we talked about today was due to downloading wanted software on the website by clicking google ads websites. Remember only to choose official and correct websites, prevent downloading malware, inputting your personal information, and allow access to your computer. Users can confirm the website by looking into other sources, such as the website links in different social media accounts, to ensure the web address.
  2. Refrain from being greedy to trust the message’s advantages and rewards. Only click links if you can confirm the sources. The attacker, in this case, uses NFT God’s Twitter and Substacks to send out phishing links to his followers and subscribers. It might be hard for users to identify if it is true, as all sources are covered with phishing content. Usually, these phishing messages include tempting wordings to bait users. So don’t let your greed put your assets in danger.
  3. Separate your workstations. Still, there are chances that we mistakenly click on phishing links, as people would make mistakes. And one practice to prevent this is to separate your crypto and typical Internet surfing workstation. Have a separate computer to operate your digital assets and another for regular Internet practices. Even if you click any links, your seed phrases and private keys in the hot wallet won’t be stolen as they are on a different device. If not able to have a separate device, using other web browsers like Brave Browser for crypto activities would be a better option, as these web3 browsers have better security measures.

Final thoughts

Even though the market’s been bearish and traders and speculators aren’t as active, scammers and attackers are still out there looking for their next target. We should make security a priority in our daily lives and be mindful of the decisions we make. That way, when the market turns bullish, we’ll be better prepared to handle the losses that can come with it.

NFT
Comments

All Comments

Recommended for you

  • U.S. Congressman Mike Flood: Looking forward to working with the next SEC Chairman to revoke the anti-crypto banking policy SAB 121

     US House of Representatives will investigate Representative Mike Flood's recent statement: "Despite widespread opposition, SAB 121 is still operating as a regulation, even though it has never gone through the normal Administrative Procedure Act process." Flood said, "I look forward to working with the next SEC chairman to revoke SAB 121. Whether Chairman Gary Gensler resigns on his own or President Trump fulfills his promise to dismiss Gensler, the new government has an excellent opportunity to usher in a new era after Gensler's departure." He added, "It's not surprising that Gensler opposed the digital asset regulatory framework passed by the House on a bipartisan basis earlier this year. 71 Democrats and House Republicans passed this common-sense framework together. Although the Democratic-led Senate rejected it, it represented a breakthrough moment for cryptocurrency and may provide information for the work of the unified Republican government when the next Congress begins in January next year."

  • Indian billionaire Adani summoned by US SEC to explain position on bribery case

    Indian billionaire Gautam Adani and his nephew, Sahil Adani, have been subpoenaed by the US Securities and Exchange Commission (SEC) to explain allegations of paying over $250 million in bribes to win solar power contracts. According to the Press Trust of India (PTI), the subpoena has been delivered to the Adani family's residence in Ahmedabad, a city in western India, and they have been given 21 days to respond. The notice, issued on November 21 by the Eastern District Court of New York, states that if the Adani family fails to respond on time, a default judgment will be made against them.

  • U.S. Congressman: SEC Commissioner Hester Peirce may become the new acting chairman of the SEC

    US Congressman French Hill revealed at the North American Blockchain Summit (NABS) that Republican SEC Commissioner Hester Peirce is "likely" to become the new acting chair of the US Securities and Exchange Commission (SEC). He noted that current chair Gary Gensler will step down on January 20, 2025, and the Republican Party will take over the SEC, with Peirce expected to succeed him.

  • Tether spokesperson: The relationship with Cantor is purely business, and the claim that Lutnick influenced regulatory actions is pure nonsense

     a spokesperson for Tether stated: "The relationship between Tether and Cantor Fitzgerald is purely a business relationship based on managing reserves. Claims that Howard Lutnick's joining the transition team in some way implies an influence on regulatory actions are baseless."

  • Bitwise CEO warns that ETHW is not suitable for all investors and has high risks and high volatility

    Hunter Horsley, CEO of Bitwise, posted on X platform that he was happy to see capital inflows into Bitwise's Ethereum exchange-traded fund ETHW, iShares, and Fidelity this Friday. He reminded that ETHW is not a registered investment company under the U.S. Investment Company Act of 1940 and therefore is not protected by the law. ETHW is not suitable for all investors due to its high risk and volatility.

  • Musk said he liked the "WOULD" meme, and the related tokens rose 400 times in a short period of time

    Musk posted a picture on his social media platform saying he likes the "WOULD" meme. As a result, the meme coin with the same name briefly surged. According to GMGN data, the meme coin with the same name created 123 days ago surged over 400 times in a short period of time, with a current market value of 4.5 million US dollars. Reminder to users: Meme coins have no practical use cases, prices are highly volatile, and investment should be cautious.

  • Victory Securities: Funding Rates halved and fell, Bitcoin's short-term direction is not one-sided

    Zhou Lele, the Vice Chief Operating Officer of Victory Securities, analyzed that the macro and high-level negative impact risks in the cryptocurrency market have passed. The risks are now more focused on expected realization, such as the American entrepreneur Musk and the American "Efficiency Department" (DOGE) led by Ramaswamy. After media reports, the increase in Dogecoin ($DOGE) was only 5.7%, while Dogecoin rose by 83% in the week when the US election results were announced. Last week, the net inflow of off-exchange Bitcoin ETF was US$1.67 billion, and the holdings of exchange contracts and CME contracts remained high, but the funding rates halved and fell back, indicating that the direction of Bitcoin in the short term is not one-sided, and bears are also accumulating strength.

  • Careers in Crypto: 5 Insights for 2024

    In an overwhelming job market, leaning into personal networks and connections are more important than ever. Emily Landon, CEO of The Crypto Recruiters, outlines what is happening in the crypto job market and how you can position yourself or your company in 2024.

  • Cointime August 10th News Express

    1. The U.S. Internal Revenue Service has released a new draft of the crypto tax form, which no longer requires filling in wallet addresses and transaction IDs

  • Adidas and Doodles collaborate to launch a limited edition NFT collection pack

    Sportswear giant Adidas is collaborating with Ethereum NFT series Doodles to sell virtual gift packages that support buyers in purchasing exclusive physical clothing. Adidas and Doodles stated in a joint statement that these limited edition collectible packages will be available for purchase before August 16th, with two items in each package. The Adidas Originals x Doodles online store shows that the retail price for a single package is $4.99, while the price for 2 to 100 packages ranges from $8.49 to $374.99.Some joint sets include physical collectibles featuring Deysi, the digital mascot in Pharrell Williams and Coi Leray's new song "Not in the Store". These collectibles include Deysi sportswear and Superstar shoes, with each limited to 200 pieces.