Yesterday, an unknown hacker assumed control of digital artist Beeple‘s Twitter account for five hours and posted malicious links, possibly resulting in the loss of over $438,000 worth of cryptocurrencies and NFTs.
Teasing a fake Louis Vuitton x Beeple collaboration, the hacker first tweeted out a raffle entry and then a link where followers could claim one of 200 free NFTs Beeple was supposedly offering.
“Stay safe out there, anything too good to be true IS A FUCKING SCAM,” Beeple tweeted Sunday morning. “And as side note, there will never be a SURPRISE MINT I mention one time in one place starting at 6am Sunday morning. 🤦♂️”
While it’s yet unclear exactly how much money was lost, Harry Denley, a developer and security expert at MetaMask, estimated that the first scam link resulted in the loss of 36ETH, or approximately $73,000, he said in a series of tweets. The second link, he said was more sophisticated and was able to drain wallets of Ethereum, Wrapped Ether (a token pegged to Ether) and NFTs, resulting $438,000 in losses, according to his calculations.
Beeple, whose real name is Mike Winkelmann, told ARTnews that it is impossible to know if money was actually lost in the hack.
“Not sure if you’re aware but it’s literally impossible to see if ANY money was stolen,” Beeple told ARTnews in a text. “Anyone can just make a wallet and then transfer the money to it to make it ‘appear’ [that] they lost money through washtrading. Which people do to then try to get someone to give them a ‘refund’.”
Bad actors continue have access to Beeples Twitter account and they have now tweeted another phishing domain.
This one just prompts the user to send ETH to an EOA (0xcad7fc974F61A08ADEF110D1BA446fa5b5B5Bb27).
Infra: 44.227.238.106 pic.twitter.com/HzTga1OvNK
— harry.eth 🦊💙 (whg.eth) (@sniko_) May 22, 2022
Beeple is arguably the most famous digital artist in the world following his record breaking sale of the NFT Everyday’s: The First 5,000 Days at Christie’s for $69.3 million last March. With a large following of 673,200 people and a trustworthy reputation, Beeple was a perfect target for this kind of scam.
Twitter user Nate Jones, a warehouse material handler in Indiana, was one of many responding to Beeple’s tweets in disappointment about the hack. Unlike Jones, many requested that the artist offer refunds or claimed to have lost life savings, though such claims would be difficult to verify.
“I woke up and saw the post by Beeple and assumed it real, because he is verified,” Jones told ARTnews in a direct message. Jones described hurrying to get the money in his account to enter the raffle and trying to push two transactions through. “It was a complete fingers crossed moment, hoping to hit on a free art work essentially.”
Jones said he lost less than a couple of dollars. A screenshot he sent of the transaction showed that the link he clicked was for a free raffle and that he only had to pay the gas fee. This is odd on two counts, first, that Jones didn’t have to pay more for the raffle, and second, that his gas fees were unusually low. These hacks often affect different victims differently, and it’s hard to know why.
The crypto space has been hit by a number of hacks this year.
Last month, the Bored Ape Yacht Club’s Instagram page was hacked, which resulted in a loss of $3 million worth of assets in a phishing scam. Just last week, comedian Seth Green reported that he had lost several NFTs to a phishing scam.