Azuki’s Twitter followers clicked on a malicious tweet link that was actually a wallet drainer that enabled hackers to steal users’ funds.
Popular non-fungible token (NFT) project known as Azuki suffered a major security breach on January 27th. Hackers were able to gain access to the project’s Twitter account and post a malicious link, which was posed as a virtual land mint. However, the link was actually a “wallet drainer” that enabled the hackers to steal over $750,000 worth of USDC from various wallets.
According to data provided by crypto wallet security firm Wallet Guard, the majority of the funds stolen came from a single wallet, which had $751,321.80 USDC drained from it. The data also revealed that hackers stole a further $6,752.62 worth of USDC from various wallets holding 11 NFTs and over 3.9 Ether. In total, the amount stolen was $758,074.42.
Emily Rose, the community manager for the anime-inspired NFT project, confirmed via Twitter that the Azuki account had been hacked. She urged users to not click any links from Azuki’s Twitter account.
The head of community and product manager for Azuki, Dem, also spoke on a Twitter Space hosted by Wallet Guard, explaining that the scammers were able to post the malicious link after gaining control of the Azuki Twitter account.
Dem urged users to “stay safe and stay suspicious” while the Azuki team worked to regain control of the account. Several hours later, Azuki announced that it had regained control of its Twitter account.
The project emphasized the importance of always checking multiple channels to confirm announcements and urged users to reach out to the Azuki “mod team” on Discord if they had any doubts.
Liz Yang, the head of growth at Chiru Labs, the company behind Azuki, stated that the team is “currently in contact with Twitter and investigating the breach.” She added that Azuki “will provide an update once we have more information.”
This incident serves as a reminder that even official and verified accounts can be compromised. Users should always be cautious and treat everything as suspicious until proven otherwise. It’s better to be paranoid in the Web3 space and beyond than to fall for scams.