Twitter scammers compromised the account of NFT influencer Zeneca on July 19. The hackers also compromised Zeneca’s Discord account. After hacking the accounts, the bad actors shared a link to a fake airdrop of the Zen Academy Founders Pass.
Reportedly, the hackers tricked unwitting NFT collectors into connecting their wallets to a phishing site.
One of the tweets read,
Hey everyone wanted to do something special for the community so here I go! I would like to announce the official release of the Zen Academy Founders Pass airdrop. There will be 333 of these passes to start off. The lucky few that manage to get one.
However, hawk-eyed enthusiasts quickly noticed the scam and started flagging Zeneca’s account minutes after the hacker posted the first tweet. Twitter’s Head of Consumer Marketing, Justin Taylor, locked down the account 40 minutes after the attack.
.@Zeneca_33 has been hacked, but is now locked down.
Will be getting him access back soon
— Justin Taylor (@TheSmarmyBum) July 19, 2022
The influencer said they have no idea how the attackers accessed his Twitter and Discord accounts. Zeneca alleges his accounts have two-factor authentication (2FA) using Google Authenticator. Additionally, he claims no one had access to his devices.
Hey all, this is Zeneca.
I’m really sorry for what happened / is happening in relation to my Twitter account being compromised.
I have very little idea of how it happened. I had 2FA on using Google Authenticator, and my physical device(s) haven’t left my sight all night.
— ZenAcademy 🔮 (@ZenAcademy_) July 19, 2022
Zeneca has since regained access to his account. However, it remains unclear how much damage the hackers caused while active.
Phishing Attacks Continue Plaguing the NFT Space
This attack came a day after Yuga Labs warned of a notorious hacker group orchestrating attacks on NFT communities. Yuga Labs’ tweet read,
Our security team has been tracking a persistent threat group that targets the NFT community. We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe.
— Yuga Labs (@yugalabs) July 18, 2022
Yuga Labs’ warning came after suffering a similar tragedy not too long ago. In the past month, the company suffered a phishing attack that resulted in the loss of 200 ETH ($360,000) worth of NFTs. Notably, this was Yuga Labs’ third exploit this year.
At the time, Gordon Goner, co-founder of Bored Ape Yacht Club (BAYC) blamed Discord for the hack. According to him, Discord is not working for Web3 communities because it does not prioritize security.
Discord isn’t working for web3 communities. We need a better platform that puts security first.
— GordonGoner.eth (@GordonGoner) June 4, 2022
Security continues to prove a tough nut to crack for the NFT space. On June 29, leading NFT marketplace OpenSea announced a data breach that potentially exposed users to threats. OpenSea said an employee of its email delivery vendor, Customer.io, downloaded and shared customer email addresses with an unauthorized external party.