Arthur Cheong, one of the most famous NFT and DeFi investors and the founder of DeFiance Capital, announced being hacked. He tweeted about the hack that has resulted in more than a $1 Million loss for him. The hacker has moved some valuable NFTs, and the Etherscan also shows the transfer of some valuable NFTs in this exploit.
Arthur announced the hack in a tweet, saying:
Well not sure what happened, need to take time to figure it out. Didn't expect this to happen to me as well.
Guess no more hot wallet usage then.
— Arthur 🌔⛩️🦔👻 (@Arthur_0x) March 22, 2022
“Well, not sure what happened, need to take time to figure it out. Didn’t expect this to happen to me as well. Guess no more hot wallet usage then.”
As you can see, the hack has happened on his hot wallet and resulted in Arthur thinking of stopping the usage of this kind of wallet.
As reported PeckShieldAlert on Twitter, about 59 NFTs were stolen in the recent hack. The Etherscan of this exploit shows about five CloneX NFTs were transferred from Arthur’s wallet to the hacker’s wallet. Other transferred NFTs are 17 Azuki, 2 TabinekoKIKI 2 HedgiesOfficial, and 33 SecondSelf NFTs.
#PeckShieldAlert @Arthur_0x ’s hot wallet appears to be compromised. ~59 #NFTs was transferred to https://t.co/MZXIWN4ING , including ~5 #CloneX, ~17 $Azuki @AzukiZen, ~2 @TabinekoKIKI, ~2 @HedgiesOfficial, ~33 @SecondSelfNFT
~19 stolen NFTs wiped for ~233 $ETH (~$690k). pic.twitter.com/oqM08ex1Yg
— PeckShieldAlert (@PeckShieldAlert) March 22, 2022
How Did It Happen?
Some hours after announcing the hack, Arthur detailed the method of the hacker for exploiting his wallet. It seems odd that an investor at this level has been hacked with an email. Arthur himself didn’t think a bit that it may happen to him, too.
The hacker has used a social engineering attack method. The email sent to Arthur seems completely legit and contains general-industry content. The hacker surely has studied DeFience Capital’s behavior and interest and has designed a very clever email containing a phishing link.
The link in the phishing address contained a PDF file that seemingly let the hacker exploit Arthur’s addresses. Anyhow, the hack has resulted in more than a $1Million loss for this crypto investor. It again shows the importance of security precautions were opening links and generally behaving in the online world.
Today, many people hold cryptocurrencies and NFTs in their hot wallets. These wallets are somehow safe because of offering a private key to the user, but they’re still vulnerable because of being connected to the internet. If one user isn’t careful enough in opening links and entering passwords, they may lose their held assets in hot wallets, just like what happened to Arthur Cheong.
Many experts suggest using cold wallets like hardware wallets for holding digital assets that you don’t trade occasionally. These wallets are safer because of being disconnected from the internet. But security actions should be made on these wallets, too.