Vitalik Buterin, co-founder of Ethereum, fell victim to a malicious hack when his X (formerly Twitter) account was compromised. This breach resulted in the theft of approximately $700,000 worth of cryptocurrencies and NFTs.
The attackers used Buterin’s account to promote a counterfeit commemorative NFT mint, claiming it had a limited-time offer to encourage users to swiftly mint these NFTs. However, the provided link led to a phishing website designed to siphon cryptocurrencies and NFTs from the wallets of unsuspecting users, media reports said.
Estimates from crypto investigator ZachXBT and on-chain data revealed that this phishing attack resulted in losses of approximately $700,000 in cryptocurrencies and NFTs. Among the stolen assets was a CryptoPunk NFT valued at 153 ETH, equivalent to $250,000, along with numerous ethers taken from various individuals.
The hacker subsequently sold most of the NFTs, retaining the proceeds in their own wallet.
It appears that the attacker leveraged the notorious Pink drainer software to execute this breach.
Evidence from on-chain interactions between the attacker’s wallet and a wallet identified by the crypto wallet explorer Zapper as belonging to Pink strongly suggests this.
As reported earlier, there exists an underground market of malevolent actors who create and distribute NFT draining software to those interested in conducting phishing attacks. Typically, purchasers of such software share a portion of their gains with the software’s creator. In certain cases, the creator themselves may execute attacks using their own software.