Hackers Take Over NFT Project Azuki’s Twitter Profile, Steal Over $750K Worth Of Asset

On Friday afternoon, the Twitter account of top NFT project, Azuki, was compromised resulting in the loss of over $750,000 worth of crypto assets. Hackers took over the project’s account and posted a wallet drainer link disguised as an invitation for users to participate in a virtual land mint in The Garden, Azuki’s native Metaverse platform.

Through wallet drainers, phishing mechanisms trick victims into approving transactions that transfer crypto assets from their wallet to the hackers. These assets can be cryptocurrency, NFTs, or other digital assets.

According to data by Etherscan, hackers drained $751,321 in USDC from one wallet within 30 minutes after the malicious link was tweeted. The attackers also took away over 3.9 ETH, 11 NFTs, and $6,742.62 in USDC from other crypto wallets. 

Via a tweet, Emily Rose, the Community manager of Azuki’s account, issued a warning advising users not to click on any link posted by the account.

AZUKI OFFICIAL TWITTER ACCOUNT IS HACKED.

DO NOT CLICK LINKS FROM OUR ACCOUNT.

PLEASE RETWEET.

— Rose | 🌹🐰| ⛩🅱️NGL (@emilyrosemcg) January 27, 2023

Within a few hours, Azuki has been able to regain its Twitter account. Azuki’s management team tweeted about the situation and how they were investigating into the Twitter breach.

We’re on top of the situation, said Azuki Head of Community and Product Manager Dem in a Twitter Space 

Interesting to see that the majority of Web3 providers quickly reacted to warn and block the hackers. For instance, MetaMask Security Research Harry Denley immediately noticed the scam almost and tweeted that MetaMask has since blocked the malicious domain.

⚠️ Azuki twitter account takeover – offending tweet was tweeted on the twitter web app on a mobile device

MetaMask will soon block the domain when cache clears https://t.co/Cqc4gUbY7e pic.twitter.com/yQaTcY3LN5

— harry.eth 🦊💙 (whg.eth) (@sniko_) January 27, 2023

Crypto Market Records Another Cyber Attack For 2023

Unfortunately, Azuki’s cyber attack comes two days after the Twitter account of Robinhood was compromised and used to promote a scam offering crypto tokens and NFTs on the Binance Smart Chain through the PancakeSwap decentralized exchange. The scammers were able to withdraw 26.95 BNB tokens, around $8,200.

 The wallet benefitting from the scam was hosted on the Binance cryptocurrency exchange. Binance CEO Changpeng “CZ” Zhao replied, saying the account had been locked pending further investigation.