How Jay's NFT was stolen by hackers on April Fool's Day
How Jay's NFT was stolen by hackers on April Fool's Day
April 1, 2022
April Fool's Day
Jay posted on Instagram that
Possession of BAYC#3738 NFT has been stolen!
Nani?
How dare you steal the digital collection of the King of Chinese?
When everyone thought it was a joke
Hackers have transferred and sold Jay's NFT
April Fool's Day
How did hackers target Jay's NFT?
And how was it transferred?
Although the process is simple
But this NFT anti-theft tip
Maybe it suits Jay
How did Jay's NFT get transferred?
It is understood that the NFT was presented by Huang Lixing in January this year.
After a look by the Chengdu Chain Security technical team, it was found that Jay signed the wallet address beginning with 0x71de2 to authorize (approve) the transaction at around 11:00, granting the NFT permission to the attacker's wallet beginning with 0xe34f0. Perhaps at this time Jay was not aware of his NFT, which was already at risk.
In just the past few minutes, the attacker transferred the Bored Ape BAYC #3738 NFT to his own wallet address at 11:07.
However, hackers seem to have set their eyes on the Chinese pop king and proceeded to steal 1 MAYC and 2 Doodles held by Jay Chou as well.
After the attackers got their hands on the stolen NFTs, they sold them on LooksRare and OpenSea, gaining about 169.6 ETH.
The funds currently rest at this address beginning with 0x6E85C, and just like that, Jay's NFT was hacked for profit.
I would like to say, brother Jay, theft is theft, quickly prepare a new album.
What are the risks of NFT?
In several previous articles, we have pointed out that the current NFT risks can be broadly classified into two categories.
One is the authorization problem of NFT itself (NFT holders can authorize other addresses as proxies), which may be due to misuse by NFT holders, resulting in hijacking of NFT privileges (mainly phishing sites, wallet-level insecure interface calls).
Second, the external risks introduced by NFT's participation in the DEFI system, such as: the security risks associated with the NFT pledge mining contract itself, which is basically the same as the regular DEFI risks.
In addition, we need to guard against various fraudulent schemes.
For example, scammers may send you links to fraudulent websites through Discord, or send fake transaction links to lure you to click on them. In addition, scammers will use various means to trick users into sending their private keys or helper words to themselves, so be sure to protect your private keys and helper words.
These fraud prevention guidelines you need to know
In addition to being wary of NFT hype, you also need to guard against all kinds of NFT scam schemes, the number and scope of fraud related to NFT in the last year also showed an explosive growth, you also need to take extra precautions.
①
Pay attention to the screening of real and fake websites
Be sure to watch out for fake websites, especially phishing websites. Don't authorize so easily! Do not authorize easily! Do not authorize easily!
②
Do not disclose private keys or mnemonics
Protect your private keys and helper words from disclosure. Once compromised, your digital assets are likely to be at risk.
③
Cancel wallet authorization in a timely manner
If you have already authorized your wallet at a fraudulent website, you can check the status of your wallet authorization and cancel it promptly by going to the following address.
https://etherscan.io/tokenapprovalchecker
Recommended Articles
Contract Check
Enter the contract address and automatically populate all relevant data, including: transaction status, buying and selling fees, liquidity size, lock pool percentage, and whether ownership is relinquished. Code level detection: trade switch, commission, increment switch, blacklist, whether adjustable tax, retrieve ownership switch. Position detection. Simple and convenient!
Black technology tools
Related posts
