How a Hacker Stole $750K of NFTs from Gutter Cat Gang

NFTs, or non-fungible tokens, are unique digital assets that can represent anything from art to music to games. They are stored on a blockchain, a secure network of computers that keeps track of who owns what. NFTs have become very popular and valuable in recent years, attracting collectors, investors and artists.


However, NFTs are not immune to cyberattacks. In a recent incident, a hacker managed to take over the Twitter account of Gutter Cat Gang, a well-known NFT collection that features 3,000 pixelated cats with different traits and personalities. The hacker also hacked the account of one of the co-founders of the project, known as Gutter Cat.

Using these accounts, the hacker posted a phishing link that claimed to offer free NFTs from GutterMelo, another collection that was launched by the same team in October 2021. GutterMelo features 3,000 melon-headed cats with various accessories and backgrounds.

The fake link was designed to trick users into connecting their cryptocurrency wallets to a malicious website that would drain their funds and NFTs. A cryptocurrency wallet is a software or hardware device that allows users to store and send cryptocurrencies and NFTs.

At least 16 users fell for the scam and clicked on the link, losing at least 87 NFTs in total. The stolen NFTs were worth around $750,000 at the time of the theft. One of the victims lost a rare Bored Ape NFT that had been sold for $125,000 in September 2021. Another victim lost 36 NFTs in one transaction.

The hacker transferred the stolen NFTs to various addresses and then sold some of them on secondary markets such as OpenSea, a platform where users can buy and sell NFTs.
The Gutter Cat Gang team apologized for the incident on Twitter and said they were working with law enforcement to track down the hacker and prevent similar attacks in the future. They did not mention any plans to reimburse the affected users for their losses.

How did the hacker bypass security measures?

The hacker was able to bypass the security measures that the Gutter Cat Gang team had in place, such as multi-factor authentication (MFA), which requires more than one piece of evidence to verify one’s identity. For example, MFA may ask users to enter a password and a code sent to their phone or email.

According to a crypto investigator named ZachXBT, who analyzed the incident, the hacker likely used a technique called SIM swap, which involves tricking the phone provider into transferring the victim’s phone number to a new SIM card that the hacker controls. This way, the hacker can receive text messages and phone calls that are meant for the victim.

In this case, Twitter allows users to reset their passwords by sending a code via text message to their phone number. After performing the SIM swap, the hacker used this feature to gain access to the Twitter accounts of Gutter Cat Gang and Gutter Cat.

ZachXBT also suggested that the hacker may have used phishing emails or malware to obtain the passwords of the accounts in the first place.

How can users protect themselves from similar attacks?

The incident highlights the importance of securing one’s online accounts and cryptocurrency wallets from hackers. Here are some tips on how to do so:

• Use strong and unique passwords for each account and change them regularly.
• Use a password manager to store and generate passwords securely.
• Enable MFA whenever possible and use an authenticator app instead of SMS or email codes.
• Do not click on suspicious links or open attachments from unknown sources.
• Verify the authenticity of websites and social media accounts before entering any information or connecting any wallets.
• Use a hardware wallet or a cold storage device to store large amounts of cryptocurrencies and NFTs offline.
• Backup your wallet’s recovery phrase or private key in a safe place.
• Be careful when joining online communities or groups related to cryptocurrencies and NFTs. Some of them may be infiltrated by scammers or hackers.
• Do not share your personal or financial information with anyone online.
• Educate yourself about common scams and threats in the crypto space.

Conclusion

NFTs are an exciting and innovative form of digital art and culture, but they also come with risks and challenges. Hackers and scammers are always looking for ways to exploit the vulnerabilities of the technology and the users. The Gutter Cat Gang incident is a reminder that users need to be vigilant and cautious when dealing with NFTs and cryptocurrencies. By following some basic security practices, users can protect themselves and their assets from potential losses.

What do you think of the Gutter Cat Gang incident? Have you ever experienced or witnessed a similar attack? How do you secure your NFTs and cryptocurrencies? Share your thoughts and opinions with us in the comments section below. Thank you for reading!

My Recent Articles

• Draining Liquidity in Crypto: What You Need to Know
• Bitcoin Could Transform the World of Finance, Says BlackRock CEO
• How Proof of Work Makes Bitcoin Secure and Decentralized
• The Evolution of Money: From Shells to Crypto and Beyond
• MetaMask Security Tips: How to Block Infinite Approval Scams
• How to make a quantum computer that can do anything
• Seed Funding: The Ultimate Guide for Startups Part 1
• Seed Funding: The Ultimate Guide for Startups Part 2
• Meta’s Threads: The New Social Media Sensation