The crypto industry has seen yet another hacking attack that resulted in a theft of a massive amount of money.
The hacker or hackers targeted the official Twitter account of Gutter Cat Gang — a popular NFT collection on the Ethereum network.
The hack of the account belonging to the project’s co-founder resulted in a loss estimated somewhere between $750,000 and $900,000.
The exact amount that was stolen is still a matter of debate, as the hacker stole at least 87 NFTs from 16 different users.
One address lost as many as 36 NFTs, including a Bored Ape piece, which was sold in September 2021 at $125,000.
Since the value of NFTs is subject to change, the experts are still debating how much the hacker actually stole by getting away with digital artwork.
At least one of the attacker’s wallets has since sold stolen assets for $640k, according to AegisWeb3.
What happened?
The attacker used Twitter last Friday, July 7th, to promote a public airdrop of Gutter Cat Gang’s legitimate collection called GutterMelo.
The collection was released in late June, and the hacker published a link to the airdrop, which was fake.
Those who clicked on it had their wallets drained of their assets without receiving anything in return.
Immunefi’s Adrian Hetman commented on the matter, stating that, typically, the victim interacts with malicious contracts in cases like these.
They are required to give approval to the contract and allow it to spend the tokens on behalf of the user.
After that, the hacker who controls the contract gains the authority to transfer even the users’ NFTs as they wish.
About two days after the hack, Gutter Cat Gang Twitter explained the situation, expressing remorse regarding the incident.
The account’s owner said that they are collaborating with the authorities to try and identify the attacker while simultaneously taking steps to prevent something like this from happening again.
However, to the fans’ disappointment, there is currently no mention of trying to compensate the victims for their losses.
Gutter Cat Gang’s team claims that the account was properly protected
Many have also expressed concern about the Gutter Cat Gang’s account security. The account owner claims to use multi-factor authentication and other security measures, although it remains unclear what those included.
Twitter offers three options: authentication via the app, SMS, or a dedicated key. According to cybersecurity expert James Bore, app-based authentication is generally considered the most secure option.
He added that apps like Microsoft Authenticator, Google Authenticator, or Authy tend to be the most effective as the code is never transmitted over networks.
Read the full article here