FVCKRENDER received a dm on Twitter inquiring about a potential project and asking to share files to his email. FVCKRENDER, thinking this inquiry was legit, opened up an SCR file. This, in turn, resulted in a trojan virus being installed into his computer.Ā
Be really careful out there I was dumb enough to not overlook this and open their SCR file and got my metamask swiped from Ć to Z all my tokens gone. They tried to access other app but my 2fa blocked them to. Iām an idiot donāt me an idiot like me and secure your shit. pic.twitter.com/gAins00taH
— FVCKRENDER (@fvckrender) June 11, 2021
Manifold, an NFT product company, provided FVCKRENDER with a temporary secure address to send his most essential assets to minimize the hackās damage. According to Manifold, the order of importance of those assets were:Ā
- ETH balance
- High value ERC20 tokens
- ENS domains
- Contract ownership of his minting contract
- High-value NFTās
- Locking down profiles on OpenSea, Foundation, Makersplace, Rarible, SuperrareĀ
The hacker man was apparently able to drain a small amount of ETH, ERC20ās, and 40,000 AXS from the wallet.Ā
they took 40,000 AXS https://t.co/8ShXFlKj46
— FVCKRENDER (@fvckrender) June 11, 2021
Some lessons to learn from this hackĀ Ā
This hack is an example of why you shouldnāt have your seed phrase stored anywhere on a computer. A hacker can dig through files, data, and caches to find the seed phrase. Also, FVCKRENDERās primary wallet was not a hardware wallet that allowed the hacker man to access most of his assets. This hack might encourage more people to start using hardware wallets as they are one of the best ways to secure assets.Ā
Richerd did a great thread on how to protect yourself from a hack like this one.
PSA: Important! ā ļø
— richerd (@richerd) June 12, 2021
Best practices for securing your wallet / digital identity
TLDR:
- Use a hardware wallet
- Make sure the seed phrase for your wallet is COLD
- Test your recovery
- Have redundancy and security for your seed phrase
details below: š
One of the best things to see about this situation is the community response. Many people have brought light to other various attacks. Also, they have been sharing information on how not to fall for these skems.Ā
The amount of message of people telling me how much me sharing what happened to me saved their asses makes me fuckin happy. Iām grateful that my loss helps others around me ā¤ļø
— FVCKRENDER (@fvckrender) June 13, 2021
Small thread on the recent attacks to NFT artists, and how to prevent it. #NFTLamers #StolenNFT #NFTArt pic.twitter.com/KvrsuyQaeT
— š ArielBeckerArt.eth #SquidGang š¦ (@arielbeckerart) June 10, 2021
If you are a victim of a skem, itās probably best you share your situation. This would prevent other people from falling victim to a similar attack and would build the community to weed out attacks from hackers.Ā
Stay safe out there
