Arthur Cheong, the founder of DeFi and web3-focused venture capital firm DeFiance Capital, has lost more than $1.6 million worth of non-fungible tokens (NFTs) in a hack today. The unknown hacker began draining NFTs from an Ethereum wallet owned by Cheong.
This was confirmed by Cheong via a statement posted on Twitter on Tuesday.
He tweeted, “Well not sure what happened, need to take time to figure it out. Didn’t expect this to happen to me as well. Guess no more hot wallet usage then.”
A security and analytics firm, PeckShield, estimated that the stolen assets included 17 Azuki, 5 CloneX, 2 Hedgies, and 33 Second Self. These are all popular NFT collections that the hacker stole and then sold on marketplaces such as OpenSea. The hacker also transferred other tokens including 68 wrapped Ether (wETH), 4,349 staked DYDX (stkDYDX) and 1,578 LooksRare (LOOKS) tokens.
Well not sure what happened, need to take time to figure it out. Didn't expect this to happen to me as well.
Guess no more hot wallet usage then.
— Arthur 🌔⛩️🦔👻 (@Arthur_0x) March 22, 2022
What you should know
- The hacker’s wallet currently contains about 585 ETH ($1.76 million) that can be traced back to Cheong’s wallet. According to Cheong, the sum may further increase as the hacker still appears to be in the process of moving funds.
- The DeFiance founder said the hacker used a ‘spear phishing’ email to deploy malware on his device, which extracted the seed phrase to his crypto wallet. He also shared a screenshot of the email.
- Cheong tweeted, “Found out the likely root cause for the exploit; it’s a targeted social engineering attack. Received a spear-phishing email that seems to be sent by one of our portco with content that seems like general industry-relevant content.”
- The hacker took on one of the biggest names in DeFi, but may have bitten off more than they could chew, as Cheong warned, “you messed with the wrong person.”
- In a tremendous show of support, the crypto community came to his aid by helping him retrieve the stolen items as he asked people to blacklist the hacker’s wallet. Several individuals on Twitter have attempted to determine exactly how the hack occurred and where the hacker gained access to his wallets.
- NFT community member “Cirrus” went as far as buying two of the stolen Azuki NFTs and deciding to return them to Arthur at cost. Cirrus stated, “found out they were hacked, and instead of selling them for profit like the other folks who got some of his, decided I’d sell them back to him at a cost to help him out.”
This hack highlights the importance of operational security when dealing with the self-custody of crypto assets because even people in the highest levels of the industry can be attacked.
This is not the first time hackers have successfully stolen valuable NFTs from high-profile investors. In one incident in January 2022, a New York-based NFT collector named Kramer said that someone had hacked their wallet and stolen $2.2 million worth of Bored Apes and Mutant Apes.