$377,000 and many valuable NFTs were in the hands of the attackers.
Halborn has reported a massive phishing attack targeting NFT owners. To steal more than $377,000 and a lot of valuable tokens, the attackers took advantage of the latest collaboration between RIMOWA (the world leader in the production of high-tech premium suitcases) and digital studio RTFKT, which produces various products for the metaverse.
The collaboration began in October, when the companies announced the creation of 888 NFTs, from which 888 real suitcases will be made.
According to experts from Halborn, during the attack, the attackers used more than 50 different domains, tricked the victims into connecting their crypto wallets to them, and then stole all the crypto assets, independently confirming the transactions.
To lure victims to fake domains, users were promised access to tokens up to the official limited collection NFT mint. If the victim clicked on the phishing link and connected their wallet, they were prompted to click on the “Mint Now” button, which checks the user’s OpenSea balance and determines which NFTs they own.
After that, an approved transaction is generated, which allows the attackers to transfer all the NFTs and crypto assets of the victim to their accounts.
Comments 0