A $3 Million Crypto Hack Exploited Social Media For Scam

ndtv.com:

The cyber threat combines with crypto-based crime hitting an all-time high last year.

When it comes to crypto hacks, the story is often the same: Scammers take advantage of a vulnerability in a blockchain's design and make off with millions, like in the $600 million-plus heist involving the play-to-earn NFT game Axie Infinity and the $77 million theft that took place Saturday on decentralized finance projects Rari Capital and Fei Protocol.

But a $3 million hack last week involving nonfungible tokens from the popular Bored Ape Yacht Club universe exploited a different kind of weakness that isn't unique to blockchain. 

Scammers infiltrated the NFT collection's official Instagram account and posted a link to a fake website where users connected their crypto wallets for what they thought was an NFT launch. In reality, they had unwittingly opened themselves up to theft. When the actual launch happened on Saturday, users were again targeted when scammers posted links to fake websites that ended up cleaning users out of NFTs worth a collective $6.2 million.

The incidents exemplify a growing trend in which social media is being used as a tool for amplifying and executing crypto and NFT scams. These thefts aren't just hitting Instagram: Twitter, Facebook, and the chat platforms Discord and Telegram are also fertile ground for these maneuvers, according to Ronghui Gu, chief executive officer of blockchain security firm CertiK.

“We have seen more and more attacks and hacks in web3 and the blockchain industry and many of them have new forms of attack, which we haven't seen before,” Gu said in an interview.

The escalating social-media cyber threat combines with crypto-based crime hitting an all-time high last year, according to blockchain