Attacker Drained Over $750K From Popular NFT Project Azuki’s Twitter Account And Hacked It
On the 27th of January, an attacker hacked the Twitter account of the popular NFT project Azuki, due to which some users fell into another wallet-draining scam. The attacker took over $750,000 worth of USDC, ETH, and 11 NFTs in less than 30 minutes. The hacker stole this amount through malicious links feigning as a land mint for the Azuki NFT project, which is very famous these days.
This land mint was fake, and the link sent unsuspecting users to a drainer contract, where they were duped into signing a transaction, which as a result, allow the hacker to swipe assets from their wallets. According to the 27th of January report from Decrypt, a single user apparently sent more than $750,000 worth of USDC stablecoin to the wallet of the attacker. This amount is also confirmed by Etherscan data provided by WalletGuard, a Web3 security firm.
However, some NFT traders quickly realized that the tweets from the gold-checked Azuki Twitter account were suspicious and referred to the fake surprise mint. With the help of these suspicious tweets, the NFT trader realized that the Azuki account had been compromised. And after some hours after this attack, the official Azuki Twitter account seemed to have been removed from the search results of Twitter. Moreover, the malicious tweets from the account were also deleted.
Rose, the Community Manager at Azuki, confirmed that the Azuki official Twitter account had been hacked. Harry Denley, Security Research at MetaMask, noticed the scam almost immediately and claimed that MetaMask has since blocked the malicious domain. Moreover, the team of the Phantom wallet also marked the malicious domains as unsafe. Phantom wallet alerted the users attempting to connect their wallets to the sites. An hour later from this attack, in a Twitter space, Dem, the Head of Community and Product Manager at Azuki, said that their team is in touch with Twitter and is trying to regain control of their official Azuki account.