Founder of the cryptoasset fund DeFiance Capital, Arthur Cheong, has seen one of his hot wallets compromised, resulting in the loss of over 70 blue-chip non-fungible tokens (NFTs) worth over USD 1.76m. The incident is another stark reminder for all NFT investors to be extra careful - and less trusting - when it comes to their digital assets.
Known as Arthur0x, Cheong has speculated that the root cause for the exploit is "a spear-phishing email" he received that appeared to be from one of their portfolio companies.
"Found out the likely root cause for the exploit, it's a targeted social engineering attack," he said. "Received a spear-phishing email that really seems to be sent by one of our portco with content that seems like general industry-relevant content."
Echoing the same viewpoint, Adam Cochran, a crypto researcher and partner at the venture fund Cinneamhain Ventures, said Cheong's computer might have gotten infected with a virus after opening a PDF pitch deck.
"Have had some cold email pitches in the past that virus scanners caught were compromised, so I always request people wrap stuff in docsend or something," Cochran said, adding that this has become a "common attack vector for investors."
Yea might be since I receive lots of unsolicited pitch deck and sometimes I will check them out
Cochran noted that file extensions like PDFs, .docxs, .xlsx, and .jpeg, which are sometimes used for making pitch decks, are the most common risks, and there is even the possibility that a virus scan won't be able to detect it.
On the other hand, it is safe to view files using uploaders like Google Drive and Docsend, which strip out macros and other underlying code, he added.
"Personally I only take decks that are on docsend or google
Read more on cryptonews.com