Cybercriminals posing as genuine IT professionals carried out a series of increasingly costly security breaches. The attacks resulted in nearly $1 million in cryptocurrency being stolen from various Web3 projects. Onchain investigator and cybersecurity analyst ZachXBT first uncovered the incidents. The hackers compromised dozens of projects within the non-fungible token (NFT) ecosystem and carried out similar attacks on unrelated teams.

The breaches affected multiple platforms, including Web3 fan-token marketplace Favrr and NFT projects Replicandy and ChainSaw. Other teams also lost funds, although ZachXBT's report on X did not identify them. Together, the attacks underscore the growing sophistication of cybercriminals targeting the expanding digital asset space.

Of these incidents, one of the largest breaches impacted approximately 69,461 Coinbase users. The breach made sensitive personal information public, including home addresses, phone numbers, and other identity markers. The original report of the data breach came from the Latham and Watkins law firm, which only served to increase the fear and uncertainty of those affected.

The stolen crypto from Favrr was also transferred to nested services, further obscuring its trail. At the same time, funds from the ChainSaw hack are largely still sitting untouched, per ZachXBT. The threat actors moved the stolen money across multiple exchanges and wallets to obfuscate the source and spending of the funds.

The hackers impersonated real IT employees to access sensitive systems and information. They were able to rapidly exfiltrate both cryptocurrency and personally identifiable information (PII). Consequently, this breach resulted in hundreds of millions in monetary loss and increased chances of identity theft for these users.

These incidents are a stark reminder of the need for stronger cybersecurity practices across Web3 initiatives and crypto exchanges. To ensure similar breaches never occur again, mandate stronger verification procedures for IT staff. Beyond that, implement multi-factor authentication and regularly monitor for unusual network activity.