DeFiance Capital founder loses $1.6M in hot wallet hack

Published at: March 22, 2022

Founder of major crypto investment firm DeFiance Capital, “Arthur_0x”, has suffered a hack on one of his hot wallets resulting in the loss of more than $1.6 million in nonfungible tokens (NFTs) and crypto.

In a tremendous show of support, the crypto community has come to his aid to help retrieve the stolen items as he asked people to blacklist the hacker’s wallet. Several individuals on Twitter have attempted to determine exactly how the hack occurred and where the hacker gained access to his wallets.

NFT community member “Cirrus” went as far as buying two of the stolen Azuki NFTs and deciding to return them to Arthur at cost. Cirrus told Cointelegraph today that he:

“found out they were hacked, and instead of selling them for profit like the other folks who got some of his, decided I’d sell them back to him at cost to help him out.”

Cirrus added that this “isn’t the first time” this has happened to him. He said, “I could easily go sell them for 6-8 ETH profit, but it just isn’t right.” His profile states that he has been a victim of rug pulls three times before, which likely guided his sympathies for his fellow victim.

Yo @Arthur_0x two of my bids got accepted on your hacked Azukis. Willing to get them back to you at cost. DM me pic.twitter.com/cBIX9QNLNu

— Cirrus (@CirrusNFT) March 22, 2022

A rug pull is when a crypto or NFT project suddenly closes down and the value of their token or NFT plummets without prior warning. In most cases, rug pulls are confirmations of a scam.

In total, Arthur appears to have lost 78 different NFTs from five collections, mostly Azukis. He also lost 68 Wrapped Ether (WETH), 4,349 Staked DYDX (stkDYDX), and 1,578 LooksRare (LOOKS) tokens. The hacker began moving assets at about 12:30 am UTC, then promptly put all the NFTs up for bid on the OpenSea NFT marketplace. As of the time of writing, the hacker’s wallet held 545 ETH worth about $1.6 million.

This hack highlights the importance of operational security when dealing with the self-custody of crypto assets because even people in the highest echelons of the industry can be attacked. In Arthur’s case, he is baffled by how this happened to him as he wrote in a tweet “Hot wallet on mobile phone is indeed not safe enough.”

Was pretty careful and stuck with only using hardware wallet on PC until I start trading NFT more regularly. Hot wallet on mobile phone is indeed not safe enough

— Arthur ⛩️ (@Arthur_0x) March 22, 2022

Had Arthur used a hardware wallet, otherwise known as a cold wallet, he may not have been protected from this attack. Unlike a hot wallet, a hardware wallet is not always connected to the network. It also keeps one’s private key and seed phrase safe from intrusion. However, Arthur believes the security breach happened due to a transaction he made on-chain which would also have compromised a hardware wallet.

Related: NeoNexus founder pulls the plug on popular Metaverse NFT project

NFT and crypto scams are always a danger, so investors should take the highest security precautions with their assets. There are even serial scammers who design projects to take advantage of the NFT community and pull the rug then move on to the next scam. As Cirrus pointed out:

“This is a gold rush for hackers and they’re doing everything they can to come up with new ways to take advantage.”

In light of the frustration and irritation at the hack, Arthur had stern words for the party who stole his assets, stating in a tweet, “The only thing I can say to the hacker is: you mess with the wrong person.”

Tags
Blockchain
Nft
Hackers
Hardware Wallet
Hot Wallet
Related Posts
How to protect yourself from the recent spate of ‘crypto muggings’
There has been a spate of “crypto muggings” in London recently, with thieves threatening crypto holders with violence unless they transfer over their digital currencies held in mobile phone wallets or on crypto exchanges. As detailed by The Guardian UK, crime reports from the City of London police detail how thousands of dollars worth of crypto has been stolen by thugs in person. One victim said their phone had been pick-pocketed while out drinking and later realized over $12,000 worth of Ether (ETH) had been siphoned from their Crypto.com account. The victims believe the thieves witnessed them type in their …
Blockchain / May 13, 2022
Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets
Major hardware wallets manufacturer Ledger has unveiled vulnerabilities in its direct competitor Trezor’s devices, according to a report published on Monday, March. 11. As of press time, Trezor was not immediately available to comment on Ledger’s findings. The study states that the vulnerabilities were found by Attack Lab, the company’s department that hacks into both its own and competitors’ devices to improve security. Ledger claims that it has repeatedly addressed Trezor about weaknesses in their Trezor One and Trezor T wallets, and has decided to make them public after the responsible disclosure period ended. The first issue is related to …
Blockchain / March 11, 2019
Mintable pledges to return NFTs stolen in OpenSea exploit
Major nonfungible token (NFT) marketplace OpenSea announced a service upgrade on Saturday, which requested that users migrate their listed assets from the Ethereum (ETH) blockchain to a newly created smart contract. However, in the hours that followed, 32 users of the platform became victims of a targeted email phishing attack which resulted in an anonymous entity stealing $1.7 million worth of ETH. OpenSea CEO, Devin Finzer published a tweet thread explaining that the breach was orchestrated via fake email scams which assured users of their OpenSea identity, convinced them to sign a digital message with their wallet, and therefore unknowingly …
Blockchain / Feb. 23, 2022
MetaMask warns Apple users over iCloud phishing attacks
ConsenSys-owned crypto wallet provider MetaMask has sent out a warning to the community regarding Apple iCloud phishing attacks. The security issue for iPhone, Mac and iPad users is related to default device settings which see a user’s seed phrase or “password-encrypted MetaMask vault” stored on the iCloud if the user has enabled automatic backups for their application data. In a Twitter thread posted on Monday, MetaMask noted that users run the risk of losing their funds if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials. To fix the issue, users can disable …
Blockchain / April 18, 2022
STEPN impersonators stealing users' seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …
Adoption / April 25, 2022