The official Twitter handle of Gutter Cat Gang, a popular Ethereum-based NFT collection, was targeted on Monday, causing losses of up to $700,000. According to blockchain observer AegisWeb3, the hacker has already sold some of the stolen NFTs for $650,000.
Sixteen users collectively lost 87 NFTs, with one losing 35 NFTs, which included a $125,000 Bored Ape acquired in November 2021.
How Did the Hacker Execute the Attack?
Immediately after getting access to Gutter Cat Gang’s Twitter account, the hacker tweeted about an “airdrop” of the project’s legitimate NFT collection GutterMelo. The attacker then shares a phishing link, asking the followers to open it and connect their wallets in order to receive free NFTs. Unfornatutely, those who followed the hacker’s instructions saw their wallets drained within minutes.
Today, Gutter Cat Gang confirmed it had regained access to its Twitter account and started working with law enforcement to investigate the breach and take necessary steps to prevent it from ever happening again. Based on the comments, NFT fans seemed angry because the NFT project failed to mention a plan to compensate the victims.
Gutter Cat Gang’s Twitter Hack Raises Security Concerns
As per the Gutter Cat Gang’s latest tweet, the project claims it uses multi-factor authentication measures to keep its Twitter account safe. The Elon Musk-owned platform currently provides three multi-factor methods: dedicated key, app-based authentication, and SMS.
However, blockchain observer ZachXBT has alleged that Gutter Cat Gang has been using SMS authentication only. He calls out the NFT project for what he describes as gross negligence.
ZachXBT says the hacker could have accessed the Gutter Cat Gang’s Twitter handle through a SIM swap attack. This type of attack happens when an attacker convinces the victim’s phone provider that they have lost the phone and that the number should be ported to another SIM, which in this case, belongs to the attacker.
Now, since the fraudster is able to access the victim’s SMS messages, they can easily request a password reset from Twitter, and the platform sends a one-time code via a text message, thus enabling the attacker to take over their victim’s Twitter account.
SureTradeGroup.com is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. Some of the content on this site is paid content that is not written or posted by our writers or editors and the opinions expressed do not reflect the opinions of this website. Any disagreement you may have with brands or companies mentioned in articles will need to be taken care of directly with those specific brands and companies. The responsibility of anyone who may click links in our articles and ultimately sign up for that product or service is their own. Forex, Stocks, Cryptocurrencies, NFTs and Dogital Tokens are all a high-risk asset, investing in them can lead to losses. Readers should do their own research before taking any action.