Crypto Phishing Attack: Gutter Cat Gang Twitter Account Compromised, NFTs Worth $750K Stolen
The cryptocurrency industry has recently witnessed yet another unfortunate incident involving a hacking attack.
This time, the target was the official Twitter account of Gutter Cat Gang, a popular NFT collection built on the Ethereum network.
The attack compromised the account of one of the project’s co-founders, and as a result, an estimated amount between $750,000 and $900,000 was lost.
The hacker managed to seize at least 87 NFTs belonging to 16 different users.
Among the affected addresses, one lost a significant number of NFTs.
This included a Bored Ape artwork that was previously sold for $125,000 in September 2021.
Determining the exact value of the stolen digital artwork is still under analysis due to the fluctuating nature of NFT prices.
Someone lost their ape pic.twitter.com/idcePIfyZa
— ZachXBT (@zachxbt) July 7, 2023
At least one of the attacker’s wallets has since sold stolen assets for $640k, according to AegisWeb3.
What happened?
The attacker used Twitter last Friday, July 7th, to promote a public airdrop of Gutter Cat Gang’s legitimate collection called GutterMelo.
The collection was released in late June, and the hacker published a link to the airdrop, which was fake.
Those who clicked on it had their wallets drained of their assets without receiving anything in return.
GutterCatGang Twitter account has been compromised please do not interact with it. #GutterCatGang @gutterdan_ @GutterCatGang —-> ⚠️⛔️ pic.twitter.com/tBu9fwBI7m
— BURDΞN © 👹 (@0x_burden) July 7, 2023
Immunefi’s Adrian Hetman commented on the matter, stating that, typically, the victim interacts with malicious contracts in cases like these.
They are required to give approval to the contract and allow it to spend the tokens on behalf of the user.
After that, the hacker who controls the contract gains the authority to transfer even the users’ NFTs as they wish.
About two days after the hack, Gutter Cat Gang Twitter explained the situation, expressing remorse regarding the incident.
The account’s owner said that they are collaborating with the authorities to try and identify the attacker while simultaneously taking steps to prevent something like this from happening again.
Gutter Cat Gang Twitter accounts were compromised yesterday. Malicious tweets were posted Friday afternoon, July 7 (Eastern Time). The team has regained control of the known compromised accounts.
— Gutter Cat Gang (@GutterCatGang) July 8, 2023
We promptly reached out to our contacts at Twitter, law enforcement and mobile…
However, to the fans’ disappointment, there is currently no mention of trying to compensate the victims for their losses.
Gutter Cat Gang’s team claims that the account was properly protected
Many have also expressed concern about the Gutter Cat Gang’s account security. The account owner claims to use multi-factor authentication and other security measures, although it remains unclear what those included.
Twitter offers three options: authentication via the app, SMS, or a dedicated key. According to cybersecurity expert James Bore, app-based authentication is generally considered the most secure option.
He added that apps like Microsoft Authenticator, Google Authenticator, or Authy tend to be the most effective as the code is never transmitted over networks.
Related Articles:
- Coinbase Domain Name Used by Scammers in Recent Phishing Attacks – What’s Going On?
- School Kids Reportedly Phishing Millions in NFTs for Roblox Skins
- End User Scams and Phishing Attacks in Web3: Are They Being Underreported?
