DeFiance founder hacked | Clicking on the document allows hackers to access wallet, accuses North Korean hacking group "Lazarus"

The wallet of the founder of the cryptocurrency venture capital firm DeFiance Capital was recently hacked, with a large number of high-value NFTs being sold off by hackers and netting them around $1.6 million. The founder analyzed the hack and suggested that it may have originated from an inconspicuous PDF file that no antivirus software would flag as malicious.

High-Value NFTs Hacked

Founder Arthur Cheong, known as Arthur_0x, recently tweeted that his hot wallet had been hacked by an as-yet-unknown method, resulting in the theft of numerous high-value NFTs and Ether worth over $1.6 million.

According to his wallet address and information compiled by data research firm PeckShield, Arthur's wallet was drained of 78 NFTs across five collections, with the prominent NFT project Azuki being the main target; all of them were subsequently listed for sale on OpenSea.

The stolen tokens included WETH, DYDX, stkDYDX, LOOKS and others, with the hacker profiting around 545 ETH. The hacker's address has been flagged by Etherscan as "Arthur0x Wallet Hacker".

Cause of the Hack

Following the incident, Arthur immediately sought help from the Twitter community, mentioning that he had previously refrained from frequent NFT trading and had insisted on using hardware wallets on his computer; the incident, he said, now proves that hot wallets are indeed not secure enough.

Arthur disclosed that he was using Bitdefender GravityZone antivirus software and had two different sets of private keys/mnemonics for his hot wallets, yet both wallets were compromised by the hacker. Venture partner Adam Cochran inquired:

Have you recently opened any PDF Pitch Decks on your computer? I had some long-forgotten pitch decks that were flagged by antivirus as malicious, so I always ask people to share documents using DocSend or other platforms, as this is a common vulnerability.

Adam Cochran emphasized that PDFs, .docs, .xlsx, and even .jpeg files could pose risks, a possibility that Arthur does not rule out.

Arthur later suggested a possible cause: an email sent by their subsidiary that contained a Word document attachment. He suspects that the hacker's monitoring may extend to everyone connected to the crypto industry.

Community Support

With the assistance of Recovering co-founder Jun Hao, Arthur finally put an end to this ordeal, although he did not disclose the nature of the assistance received. Jun Hao stated:

In this long and immensely stressful process, I have learned a lot. You may usually have 95% of your security defenses in place, but all it takes is one vulnerability to end the game. No matter how tight your security is, you can never assume you can stop any hacker. Stay vigilant and don't let your guard down.

NFT collector and developer StockEd NFT urged:

Beware of any Azuki NFTs up for auction, as they appear to be stolen from Arthur's wallet. Please refrain from purchasing any NFTs listed by that address.

The crypto community at Cirrus NFT actively assisted by repurchasing two Azuki NFTs for Arthur.

Arthur, the victim, finally expressed to the community that if anyone buys any of his stolen NFTs, he would be grateful if they could HODL first, and he will contact them once everything is settled.

Furthermore, he strongly affirmed that the hacking group involved in this incident is undoubtedly the Lazarus Group, a North Korean hacking organization that previously targeted the lending platform bZx.