How a small error led to one of biggest NFT heist in history? 100,000 users affected

Internet entrepreneur Justin Kan had recently launched his own non-fungible token (NFT) platform, joining a growing but controversial trend. Although Kan’s obvious goal was to make a profit, shortly after its launch the platform suffered a severe security incident that affected investors.

Zach Bussey, a specialist in NFT platforms, says that Kan’s official Discord server was hacked by unknown actors who convinced users to mint about 3,333 NFT in exchange for a unit of Solana (equivalent to about $ 180 USD currently). This campaign comes at a time when NFT platforms are growing, with social media companies and sports clubs launching their own tokens.

On the other hand, a report by Tech Crunch indicates that a scammer was able to hack the new NFT platform, Fractal. Security experts explained that the cybercriminal sent malicious links to more than 100,000 users.

After victims targeted these fraudulent platforms, they were urged to pay for a new NFT. The hacker was able to trick them after promising them access to 3,333 commemorative tokens, supposedly designed to celebrate the launch of Fractal. The report notes that this is a fraudulent URL, since the letter i in “fractal.is” is lowercase when it should be a capital I.

For some specialists this incident is not really unusual. Recently, the Solana-based Monkey Kingdom project was also compromised, resulting in the theft of more than $1.3 million usd in virtual assets.

The best security measure against these attacks is to verify the legitimacy of the platforms, as these attacks necessarily require the use of malicious websites and phishing and social engineering campaigns.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.