The crypto world recently saw another audacious hack, resulting in the theft of a huge sum of money from the popular Ethereum-based NFT collection Gutter Cat Gang. The attacker targeted the official Twitter account of the project’s co-founder, with losses believed to be in the range of $750K to $900K.
The breach involved the theft of at least 87 NFTs from 16 unsuspecting individuals. One user was hit the hardest, losing as many as 36 NFTs, including a valuable Bored Ape piece traded in September 2021 for $125K. The fluctuating value of NFTs makes the final loss hard to quantify, and the value of the stolen digital artwork is still under review.
According to AegisWeb3, a wallet linked to the perpetrator sold stolen assets to the tune of $640K. The breach was meticulously orchestrated. On July 7th, the hacker used Gutter Cat Gang’s Twitter account to promote a public airdrop of a legitimate collection by the same name. This, however, turned out to be a decoy, and victims lost their NFTs without getting anything in return.
Analysing the incident, Adrian Hetman of Immunefi noted that in typical instances like this, victims interact with malicious contracts. Upon approval, the malicious actor gains authority to transfer or even sell the user’s NFTs.
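The approval step Hetman describes can be checked before a transaction is signed. The following is an added example, not code from the article or from any project it names: it assumes the approval is the standard ERC-721 `setApprovalForAll(address,bool)` or `approve(address,uint256)` call (the article does not name the function), and the function name `classify_calldata`, the risk labels and the sample calldata are constructed for illustration.

```python
# Added example: classify raw transaction calldata for NFT approval grants.
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
APPROVE = "095ea7b3"               # selector of approve(address,uint256); ERC-20 shares it

def _arg(data: str, i: int) -> str:
    """Return the i-th 32-byte ABI argument (hex) following the 4-byte selector."""
    word = data[8 + 64 * i: 8 + 64 * (i + 1)]
    if len(word) != 64:
        raise ValueError("calldata too short for this function")
    return word

def classify_calldata(calldata: str, trusted_operators=()) -> dict:
    """Describe what approval, if any, a transaction's calldata would grant."""
    data = calldata.lower().removeprefix("0x")
    bytes.fromhex(data)  # rejects non-hex or odd-length input with ValueError
    trusted = {a.lower() for a in trusted_operators}
    selector = data[:8]
    if selector not in (SET_APPROVAL_FOR_ALL, APPROVE):
        return {"action": "other", "operator": None, "risk": "unknown"}
    operator = "0x" + _arg(data, 0)[24:]  # address = low 20 bytes of the word
    value = int(_arg(data, 1), 16)
    if selector == SET_APPROVAL_FOR_ALL:
        if value == 0:  # bool false revokes the operator
            return {"action": "revoke_all", "operator": operator, "risk": "none"}
        # Grants control of every token the signer holds in this collection.
        risk = "low" if operator in trusted else "high"
        return {"action": "approve_all", "operator": operator, "risk": risk}
    # approve(): the zero address clears an existing single-token approval.
    if int(operator, 16) == 0:
        return {"action": "clear_one", "operator": operator, "risk": "none"}
    risk = "low" if operator in trusted else "medium"
    return {"action": "approve_one", "operator": operator,
            "risk": risk, "token_id": value}

# Constructed sample inputs (not taken from the incident).
UNKNOWN_OPERATOR = "0x" + "ab" * 20
SAMPLE_GRANT = ("0x" + SET_APPROVAL_FOR_ALL
                + "00" * 12 + "ab" * 20 + "00" * 31 + "01")
SAMPLE_REVOKE = ("0x" + SET_APPROVAL_FOR_ALL
                 + "00" * 12 + "ab" * 20 + "00" * 32)

if __name__ == "__main__":
    for name, tx in (("grant", SAMPLE_GRANT), ("revoke", SAMPLE_REVOKE)):
        print(name, classify_calldata(tx))
```

A "high" result means the signer would hand an unrecognised operator transfer rights over all of their tokens in that collection, which is the condition to stop on when a link promises an airdrop.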
In the aftermath, the official Twitter account of Gutter Cat Gang issued a statement bemoaning the incident. The account owner said the project was collaborating with security authorities to apprehend the offender and prevent a repeat.
However, to the fans’ dismay, there was no mention of compensating the losses incurred. This omission raised eyebrows regarding the level of support for the victims and their stolen assets. It underscores the vulnerabilities crypto enthusiasts currently face, and the pressing need for insurance and other measures to at least compensate victims.
There’s increasing scepticism about the security measures implemented by the Gutter Cat Gang. Despite claims of having multi-factor authentication in place, doubts have been cast on the adequacy of their preventive strategies.
Well-known cybersecurity pundit James Bore recommends app-based authentication such as Microsoft Authenticator, Google Authenticator, or Authy, noting they rarely transmit codes over networks. This incident has sparked conversation about the urgent need for advanced preventative measures to safeguard crypto assets and platforms.
Source: Cryptonews