Unfortunately, non-fungible token (NFT) collections continue to be prime targets for hackers, and the Azuki project has been hit. A malicious individual took over the project’s Twitter account to share a phishing link and managed to steal funds from some users.
Azuki Twitter account in the wrong hands
On Friday 27 January, the Twitter account of the Azuki non-fungible token (NFT) project was hacked. The perpetrator invited the Azuki community to come and “claim land” in “The Garden”, the metaverse dedicated to the collection.

Screenshot of malicious tweet, since deleted (link hidden)
Unfortunately, via this seemingly honest link, members of the Azuki community had their wallets emptied after granting malicious permissions on the phishing site. In just 30 minutes, 11 NFTs and 3.9 ETH were taken by the hacker, and 750,000 USDC were sent to his wallet, now labelled as phishing by Etherscan.
The USDC were then sent to another wallet, also identified by Etherscan, which swapped its tokens for WETH (Wrapped Ether) through the Uniswap V3 decentralized finance (DeFi) protocol via 2 separate transactions.
The project’s community manager, Rose, quickly confirmed the hack of the Azuki account. Fortunately, the damage was relatively limited thanks to the quick reaction of the community: MetaMask, for example, quickly blocked the domain concerned to protect its users, as did Phantom and ZenGo.
A rather murky affair
Azuki’s Twitter account was fortunately recovered in the evening, and a post-mortem tweet was published overnight by the project.
1/ The @AzukiOfficial Twitter was compromised today. A series of malicious tweets were posted during the morning of Friday, Jan 27th (Pacific Time).
The team has regained control of the @AzukiOfficial Twitter.
Details below
– Azuki (@Azuki) January 27, 2023
As mentioned in the thread, the Twitter account was recovered relatively quickly thanks to work carried out in conjunction with the social network’s teams. However, the origin of the breach remains a mystery, since, according to the release, the account concerned was secured by a two-factor authentication (2FA) method. Azuki has therefore launched an investigation to shed light on the matter.
ZachXBT, known for his on-chain investigations, seems to have found the beginning of a lead. According to him, it is the same individual who managed to hack the Twitter accounts of the NFT projects Mutant Hounds, AKCB and Chimpers.
Was the same scammer named Lock who compromised Mutant Hounds, AKCB, and Chimpers Twitter accounts recently. pic.twitter.com/YSgy6SnvJr
– ZachXBT (@zachxbt) January 27, 2023
He also explains that the flaw could have come from Twitter’s side and that Azuki’s teams could not have done anything more to prevent the attack, which would explain how 2FA, a recognized security measure, was bypassed. Indeed, we have seen hackers willing to pay large sums of money in the past to bypass the security of Twitter accounts.
However, this is only speculation and nothing has been confirmed yet. It would nonetheless be very interesting to understand how the same hacker was able to gain access to so many different Twitter accounts.