DeFiance Capital founder loses $1.7M in NFTs to phishing scam
Despite being a veteran in the crypto space, the founder of DeFiance Capital, Arthur Cheong, has fallen into the cold hands of malicious actors. Roughly $1.7 million worth of NFTs were siphoned from his crypto wallet yesterday morning.
According to security firm PeckShield, Cheong lost 33 Selfs, 17 Azukis, five CloneXz, two Hedgies, and two Tsubasa NFTs. The firm notes that about 59 NFTs were stolen in the attack. Meanwhile, Cheong tweeted:
Well, this hit me hard but if I got exploited as a fairly sophisticated 5 years crypto user (DeFi user, password manager, mostly hardware wallet), I'm not sure how I can persuade most normal people to put a substantial part of their net worth on chain anymore.
The venture capitalist alleges that the “likely root cause” was a spear-phishing email that appeared to come from one of DeFiance Capital’s portfolio companies. By opening the file, Cheong unknowingly gave the attacker access to the private key of one of his hot wallets.
For the uninitiated, a “hot” crypto wallet is one that is connected to the internet. Wallets on exchange platforms like Binance and Coinbase are all hot wallets. There are also several other hot wallet apps for mobile devices and PC.
While hot wallets are convenient for quickly moving funds around, they are not ideal for storing large amounts of cryptocurrencies. On the flip side, wallets that are not connected to the internet, such as hardware and paper wallets, are known as “cold” wallets. Although they are not hackproof, they provide a greater degree of security.
Crypto tracking service Etherscan has traced the NFTs to a crypto address with more than 585 ETH as of press time, labeling the account in question as the “Arthur0x Wallet Hacker.”
With NFTs being the latest craze in town, malicious actors are always on the lookout to exploit users. In February, some users of the leading NFT marketplace OpenSea became victims of a similar phishing scam. The hacker, who made away with around $1.7 million, launched the attack to coincide with OpenSea’s smart contract upgrade.