Hackers theft over $1.4 million worth of Moonbird NFT collection

A non-fungible token (NFT) collector lost more than $1.4 million due to a cyberattack involving a malicious website and social engineering tactics. As reported by blockchain researchers known as Andeh and Cirrus, the victim lost 29 NFTs from the Moonbirds collection, with a minimum value of $48,000 each.

In an interview with Vice, the victim, simply known as Keith, claims that hackers tricked him into visiting a specially designed phishing website: “The site had a smart contract to move all my Moonbirds in one swoop; although at first, the transactions failed, they finally materialized.”

Keith, who claims to be an oncologist, husband, and father of three, claims he decided to invest his life savings in NFT, only to see these assets disappear in a matter of a few minutes.

He added that hackers used a Twitter account to contact him a few weeks ago. After the initial contact, Keith continued to interact with the scammers until he received an offer to sell his Moonbirds collection; the account used by the hackers has already been deleted.

The victim sent a message to the hackers, hoping to recover his collection: “Please return the stolen moonbirds to the original owner. Keep one as compensation.”

The collector adds that, if his tokens are not returned before this weekend, he will notify the FBI about the incident.

Common issues

NFT collectors have become frequent victims of ambitious phishing and social engineering campaigns, as this is a vector of quick and easy access to virtual collections worth tens of thousands of dollars.

The researcher Tal Be’ery was able to analyze this attack, concluding that this operation could be complex for the hackers in charge because they tried to use a smart contract to leave no trace; failing in their attempt, the cybercriminals simply used a conventional address to divert the stolen tokens.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.