Prominent KOL "NFT God" falls victim to a theft despite using a cold wallet, SlowMist founder reminds: Regularly review private keys and mnemonic phrases.
A well-known NFT influencer and content creator, NFT God, stated on the 14th:
My computer was hacked, and all my cryptocurrencies and NFTs were stolen.
How did this happen? And how can it be prevented?
Advertisement - Please scroll down for more content
Table of Contents
NFT God After Downloading the Game: Digital Assets, NFTs, and All Accounts Hacked
NFT God stated that all aspects of his digital life had been compromised, not only his digital assets but also all his private and work accounts including Twitter, Substack, Gmail, Discord, which were used to harm others.
How did it all begin?
He mentioned that he downloaded OBS onto his desktop. OBS is a streaming software that NFT God intended to use for game live streaming, but inadvertently clicked on a sponsored link on Google.
After running the exe. file and playing the game for a few hours without any issues, a friend informed him, "Your Twitter account has been hacked!" He immediately deleted the fraudulent post two minutes after the hacker posted it.
However, things were not that simple.
Shortly after, someone told him, "What happened to your Bored Ape?" That's when the situation took a turn for the worse.
NFT God's OpenSea page showed that ownership of his Bored Ape had been transferred to another wallet. All his digital assets and NFTs had been siphoned off.
"I know this is just the beginning. It's not just the wallet that was compromised. My entire digital life has been attacked,"
He rushed to his computer, deleted all passwords, wiped all data, and reinstalled the Windows system.
Since NFT God publishes newsletters, the hacker sent emails to his 16,000 Substack subscribers. He mentioned that he not only lost valuable digital assets but also the priceless brand and community trust that pained him the most.
Even Cold Wallets Were Hacked? NFT God: Misconfigured
NFT God mentioned having a Ledger cold wallet but made a critical mistake. "I set it up like a hot wallet."
He messed up the way he entered the mnemonic phrase, rendering the cold wallet no longer a cold storage device.
"My wallet did not sign or mint anything malicious," NFT God explained.
Cos, the founder of cybersecurity company SlowMist, commented that this happened because the mnemonic phrase on NFT God's computer was connected to the internet, making it vulnerable to malware. He advised:
"Regularly review your private key/mnemonic. If it has been exposed to the internet or to anyone else you trust, consider the worst-case scenario that your private key/mnemonic has been compromised. Also, check the wallet's authorization status."
"Digital security is not just about buying a cold wallet. You must also be very cautious about everything you do online," NFT God said.
He mentioned that he would learn to let go, look ahead, stay positive, and not let negativity bring him down. "At least I still have my health, family, and friends' support."
SlowMist Founder: MetaMask Previously Disclosed Similar Vulnerabilities
MetaMask announced in June 2022 that selecting "Display Seed Phrase" on the desktop version would temporarily store the seed phrase on the computer's hard drive, potentially exposing it in case of a breach. However, the mobile version of MetaMask was not affected.
Cos, the founder of SlowMist, stated, "We have discovered security risks of plaintext seed phrases several times, especially when obtaining the target user's seed phrase or private key without a wallet password."
MetaMask provided three preventive measures:
- Enable full disk encryption on your computer, as this is the only way to ensure that the computer's content cannot be physically accessed. Tutorial
- Clear browser cache data
- Remember that protecting your computer device is your responsibility. If the operating system is compromised, no wallet or software can guarantee security. Learn how to avoid installing viruses on your computer.
Cos, the founder of SlowMist, previously said:
"The two key security issues in Web3 are: key, referring to private keys, sign, referring to signatures. If these two security issues can be resolved while improving user experience, then the application is a very successful entry-level application. Do not approach this application with a Web2 mindset because I see many security design flaws in Web2 thinking."
Related
- STEPN collaborates with Adidas to release co-branded NFTs, promoting a healthier lifestyle through gamified earning opportunities.
- Starbucks Ends NFT Rewards Program Without Warning to Prepare for Next Phase of Initiatives
- Magic Eden and Yuga Labs will launch an Ethereum NFT trading market tomorrow, where royalties will be enforced.