Kyle
Twitter User Says He Was Hacked By A Malicious NFT, But Some Say This Was A Compromised Seed Phrase
Crypto and NFT Twitter were set ablaze today as one user claimed their account was hacked by an unsolicited airdropped NFT.
NFT collector AJ, known as babbler_dabbler on Twitter, tweeted a thread explaining that his account was compromised, that several pieces were sold, and that the ETH was transferred out of his account.
“Lost @hirst_official’s The Currency, @SHL0MS shards, @artblocks_io Factory pieces, @tinyblocksart Quadrum, @ApeDao_Remix pieces,” he tweeted. “Probably the only mistake I did was moving the trash NFT’s being sent to my account. FML”
The idea of malicious NFTs being sent to users' accounts and the users then getting hacked is not new. Many in the community have been discussing this lately as more and more users receive unsolicited NFTs. The Bored Ape Gazette reached out to Gideon and Edd at OpenSea via Twitter but did not receive a response by the time of this article's publication.
While we did not hear back from OpenSea, the Bored Ape Gazette spoke with Bored Ape Yacht Club member 0xWave about this most recent hack.
0xWave explained that in AJ’s case, this hack appears to be the result of a compromised seed phrase and not the work of a malicious NFT. “You need to approve per-NFT contract,” 0xWave explained. “The way to tell it was a seed compromise was by looking at the transactions that accepted bids: they were issued from the original wallet, meaning seed compromise. If it were a contract that had been granted access, you'd see the malicious actor initiate the txn.”
0xWave is not alone in his opinion that AJ’s loss was the result of a seed phrase compromise. Crypto Twitter influencer Foobar tweeted the same thing. “Here is the tx sending WETH from the victim's wallet to the hacker's wallet. Note that the EOA initiating it is the victim. No smart contract black magic, just somebody who probably entered a seed phrase into a phishing site,” he tweeted.
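The check 0xWave and Foobar describe, comparing the account that initiated each outgoing transaction with the victim's own address, can be written as a small triage routine. This is an added example, not code from the article or from anyone quoted in it; the addresses, record fields and labels are constructed for illustration.

```python
# Constructed sample data: addresses and records are placeholders, not from the incident.
VICTIM = "0x" + "a1" * 20
OTHER = "0x" + "b2" * 20      # hypothetical second account (buyer, recipient or spender)

def same(a, b):
    # Hex addresses may differ in checksum casing, so compare case-insensitively.
    return a.lower() == b.lower()

def classify_outflow(victim, tx):
    """tx["initiator"]: transaction-level `from`, the EOA whose key signed it.
    tx["asset_from"]: account the asset left, per the token Transfer event."""
    if not same(tx["asset_from"], victim):
        return "not_victim_outflow"
    if same(tx["initiator"], victim):
        return "signed_with_victim_key"   # the owner, or whoever holds the key
    return "moved_by_third_party"         # someone spending via a granted approval

def triage(victim, txs):
    counts = {}
    for tx in txs:
        label = classify_outflow(victim, tx)
        counts[label] = counts.get(label, 0) + 1
    signed = counts.get("signed_with_victim_key", 0)
    third = counts.get("moved_by_third_party", 0)
    if signed and not third:
        verdict = "consistent_with_key_or_seed_compromise"
    elif third and not signed:
        verdict = "consistent_with_approval_abuse"
    elif signed and third:
        verdict = "mixed"
    else:
        verdict = "no_outflows"
    return verdict, counts

# Case 1: accepted bids and a WETH transfer, all initiated by the victim's own EOA.
SEED_CASE = [
    {"kind": "accept_bid", "initiator": VICTIM.upper().replace("0X", "0x"), "asset_from": VICTIM},
    {"kind": "weth_transfer", "initiator": VICTIM, "asset_from": VICTIM},
]
# Case 2: a different account pulls the asset out of the victim's wallet.
APPROVAL_CASE = [
    {"kind": "transfer_from", "initiator": OTHER, "asset_from": VICTIM},
]

if __name__ == "__main__":
    for name, case in (("seed", SEED_CASE), ("approval", APPROVAL_CASE)):
        print(name, triage(VICTIM, case))
```

A "signed with victim key" result shows only that the wallet's private key produced the transaction; it cannot by itself separate the owner's own actions from those of someone else holding the key or seed phrase.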
