Phishing attack targeting the popular Moonbirds NFT project managed to steal 29 NFTs. The tokens are currently valued at $1.5 million.
Following the attack, Twitter’s cryptocurrency community encouraged all NFT holders to check the links they click. After all, several such attacks have been applied in recent months. The current focus is precisely the NFTs market.
Hacker steals 29 Moonbirds NFTs
The attack in question took place on Tuesday (24). The invader stole the dozens of moonbirds valued at around 750 ETH from its owner who poses as a DigitalOrnithologist, according to on-chain data.
The Moonbirds NFTs were released just a month ago. However, alongside the Bored Ape Yacht Club (BAYC) collection it has become one of the favorite targets of hackers.
According to the Twitter “detective” known as @0xLosingMoney, this new attack is linked to a Twitter account called @DVincent_.
Unsurprisingly, now the page is gone and so is his account on the OpenSea NFTs marketplace.
🚨Community Scam Alert @p2peers 🚨— Andeh #OnChain (@0xLosingMoney) May 25, 2022
➼ https://t.co/9cTRutiMbm was used by scammer (@Dvincent_) today to steal 29 MOONBIRD NFTS (>$700,000 USD).
➼ I've done my best to find out what happened on-chain and retrieved as much info as I can.
Follow along with what I found 🧵👇 pic.twitter.com/lXRw6fgcCl
Details of the scam that stole NFTs
Also according to @0xLosingMoney, before the attack, other NFT holders reported that @DVincent_ approached them for private sales.
Among them was the owner of a Bored Ape @just1n_eth. He described how the account approached him on May 10.
“We reached an agreement on the price. So this individual insisted that we use a platform called ‘p2peers.io’. I’ve been in space for over a year and I hadn’t heard of it. I immediately knew something didn’t feel right.”
After this testimonial became public, another user claimed that the exact same thing happened to him:
“I told him I would only use NFTTrader. He kept insisting on the other fraudulent platform.”
The p2peers website is registered with a domain company in Finland. The site appears to have been suspended, as reported by The Block.
According to Tal Be’ery, security research manager and co-founder and CTO of ZenGo, the purpose of directing people to these sites is to trick victims into signing and approving a transaction that transfers ownership to the attacker.