Phishing attacks reappear in the NFT field, digital asset security attracts heated discussions in the community

DeFiance Capital founder and Crypto investor Arthur Ox was recently hit by a phishing attack. Hackers managed to hack into Ox’s wallet and took control of NFTs worth over $1.5 million.

The hackers moved the stolen assets to OpenSea, a marketplace for NFTs, including parts of the popular Azuki series, which are priced at thousands of dollars on the platform.

ArthurOx announced the basic situation of the hacker and the new progress of the incident through the Twitter account, he investigated potential reasons for this situation.

ArthurOx said, "In the past, I was quite careful and insisted on only using hardware wallets for transactions on PCs. I didn't start using hot wallets until I started trading NFT more frequently. Hot wallets on mobile phones are indeed not safe enough."

Ox discovered that the attacker obtained two of his private keys, which he used to access funds and sign transactions.

The DeFiance Capital founder requested that the following Ethereum addresses be blacklisted:

0xe47E8cD58c8E95F765e642d7dCB898f622ceFA83。

ArthurOx added: "I found a vulnerability that could be the root cause, which was a targeted social engineering attack. I received a phishing email that really seemed to be about industry-related content."

In a sense, Ox thinks attackers might try to attack other crypto tech founders with similar methods.The hackers managed to send him a message that appeared to be genuine, and "two sources that appeared to be legitimate".

The start of the attack likely came from a document sent to Ox, as well as two images attached to the email. DeFiance Capital warned other users, saying "none of the antivirus software found this file to be malicious."

Ox added that there is solid evidence that the same group of hackers who attacked BZX, Hugh, MGNR and me, the infamous Lazarus group.

According to an anonymous user, the files shared by Ox matched the tactics used by Lazarus.

Hackers hinted at token airdrops as a lure through a document, using a fake Azure Information Protection label from Microsoft.The latter requires users to enable content editing, opening the door to phishing attacks.

Twitter user Gage said, "Looks like Lazarus? Seems to fit their usual modus operandi. Quickly move protected stablecoins, do

cx9be0075b9344590b3cabf61c194db180

secure.azureword[.]com/k6q3afrxddx/yoibgjjd7e/evuethwpcj/cn65qhpls2/。”

The "Lazarus Group," said to be based in North Korea, is one of the most active hacking groups.

Since 2009, the Lazarus group has attacked countless victims using different tactics, stealing their information or taking over their computers.

The original text comes from bitcoinist, compiled and organized by Blockchain Knight, the English copyright belongs to the original author, please contact the compiler for Chinese reprint.

The original text comes from bitcoinist, compiled and organized by Blockchain Knight, the English copyright belongs to the original author, please contact the compiler for Chinese reprint.