CryptoNovo, a nonfungible token (NFT) influencer, announced on January 4 that he was the victim of a cyberattack and lost two CryptoPunks. "I just got hacked!!!" Are you serious?! " he tweeted and included an OpenSea screenshot of two CryptoPunks being transmitted to another address.
The attacker immediately sold the two CryptoPunks, one for 70 Ether (worth $88,434 at the time of publication) and another for 199 Ether (worth $251,404). This means that CryptoNovo lost over $300,000 in CryptoPunks during the attack.
Several other nonfungible tokens, such as Meebits, CloneX, Mutant Ape Yacht Club, and Bored Ape Yacht Club NFTs, were allegedly taken from the influencer.
The attack appears to have spared CryptoNovo's iconic green-beanie-wearing Punk, #3706, though the holder seems to have sold the item. While the previously mentioned NFTs were delivered to a known phishing address, CryptoPunk #3706 was delivered to an entirely different address and sold for 75 ETH (worth $94,751).
This address has also garnered items from Thenovoverse.eth, an ENS domain that has received items in the past from CryptoNovo's official wallet address. These facts imply that the owner, rather than an attacker sold the item.
CryptoNovo has over 18,000 Twitter followers and is well-known for wearing masks resembling the green-beanie-wearing CryptoPunk he first bought in 2020.
Although CryptoNovo claimed the attack was a hack, Twitter user Proper suggested that phishing was more likely. After transferring the green-beanie CryptoPunk to a secure address, CryptoNovo authorized several tokens to an unknown smart contract. This contract is the one that later used the "transferFrom" function on various NFTs to move them out of the influencer's wallet. This suggests that he was duped into allowing a malicious DApp to move his tokens.
On Discord, someone appears to be imitating CryptoNovo. He posted an image of a Discord account that asserts to be him but is a fake profile nine hours after the attack.
CryptoPunks was one of the first NFT collections of generative digital art, or art objects, produced by an algorithm. It was released in June 2017, and its individual units were distributed to anyone who could afford the gas fees required to mint them.
Thousands of other generative NFT collections, such as Bored Ape Yacht Club, Mutant Ape Yacht Club, Meebits, and others, have been inspired by the collection.
Can you think of any ways that the victim could have prevented this attack? Drop your comments by sharing this article on social media.