Hackers steal 29 Moonbirds valued at $1.5 million in NFT phishing attack

Quick Take

  • The attack has been linked to a Twitter user approaching NFT holders for private trades.
  • Moonbirds have skyrocketed in popularity, making them a top target for hackers.

The crypto Twitter community is encouraging everyone to check links and stay vigilant following a hack targeting the popular Moonbirds non-fungible token (NFT) project. 

Late Tuesday, 29 Moonbirds valued at about 750 ETH ($1.5 million) were taken from their owner, DigitalOrnithologist, according to on-chain data. 

Despite having only launched a month ago, Moonbirds are quickly joining the Bored Ape Yacht Club as a popular target for hackers. The collection, a product of venture capitalist Kevin Rose's Proof Collective, has skyrocketed in popularity and was at the center of a phishing scam shortly after its launch.

Twitter sleuth 0xLosingMoney has linked this new attack to an account on Twitter named @DVincent_, which now, along with its corresponding OpenSea page, has disappeared. He also noted that, prior to the attack, other NFT holders reported being approached by @DVincent_ for private sales.

Among them, Bored Ape holder @just1n_eth described how the account approached him on May 10. "We came to an agreement on price. Then this individual insisted we use a platform called ‘p2peers.io’. I have been in the space [for] over a year and hadn’t heard of it. I instantly knew something didn’t seem right."

Another user responded by saying “the exact same happened to me. I told him I would only use NFTTrader and he kept insisting on the other scammy platform.”

The p2peers site, which is registered to a domain company in Finland, appears to have been suspended. According to Tal Be’ery, security research manager and co-founder and CTO of ZenGo, the aim of directing people to such sites is to trick victims into signing and approving a transaction that transfers ownership to the attacker.

Phishing attacks, particularly on Twitter, continue to plague the NFT community. Last week hackers also gained access to the Twitter account of NFT creator Mike Winkelmann, aka Beeple, and carried out a phishing attack that netted them $483,000 in cryptocurrency and NFTs.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.