In another incident highlighting the vulnerability of the crypto industry, the official Twitter account of the popular Ethereum NFT collection, Gutter Cat Gang, along with its co-founder’s account, was hacked, resulting in a significant financial loss. Estimates suggest that at least $750,000 worth of assets were stolen, with some sources indicating a potential loss of up to $900,000. The stolen assets were subsequently sold for $640,000, according to AegisWeb3. The wide range in estimates is due to the variety of NFTs that were targeted, each with its own floor price.
The GutterCatGang official twitter, and Gutter Ric's account are both compromised and posting drainers. Steer clear, there is no drop.
2nd time in two days that a founder and their protocol have both been compromised. Shared phone number?
— quit (👀,🦄) (@0xQuit) July 7, 2023
The attack involved the hacker promoting a “public airdrop” of GutterMelo, a legitimate collection released by Gutter Cat Gang. The hacker posted a phishing link that directed users to a fake airdrop, where their wallets were drained upon connecting to the site. This type of attack typically involves victims unknowingly interacting with a malicious contract, granting permission for the contract to spend their tokens. With control over the contract, the hacker can freely transfer the user’s NFTs.
Two days after the attack, the Gutter Cat Gang Twitter account posted a debrief acknowledging the incident, expressing regret, and stating that they are cooperating with law enforcement. The team also emphasized their commitment to enhancing security measures to prevent future attacks. However, disappointed fans noted the absence of any mention of possible compensation for the victims.
Gutter Cat Gang Twitter accounts were compromised yesterday. Malicious tweets were posted Friday afternoon, July 7 (Eastern Time). The team has regained control of the known compromised accounts.
We promptly reached out to our contacts at Twitter, law enforcement and mobile…
— Gutter Cat Gang (@GutterCatGang) July 8, 2023
The incident raises concerns about the security practices of crypto projects, particularly regarding the protection of their social media accounts. While Gutter Cat Gang claims to have implemented “multi-factor authentication and security measures,” the specific methods used are unclear. Twitter offers three options for multi-factor authentication: app-based authentication, SMS, or dedicated keys. Cybersecurity experts recommend app-based authentication as the most secure option, as the authentication code is never transmitted over a network. Using dedicated USB security keys is also considered more secure than relying on SMS authentication, which has proven vulnerable to SIM swap attacks.
Your team better look at a compensation plan for victims as it is gross negligence to have used SMS 2FA on your socials after all of the recent SIM swaps
— ZachXBT (@zachxbt) July 7, 2023
The prevalence of SIM swap attacks in the crypto world underscores the need for stronger security measures. These attacks involve fraudsters taking over victims’ phone numbers through convincing their mobile service providers to transfer the number to a new SIM card. Once the swap is complete, the attackers gain access to phone calls and SMS messages, enabling them to take control of social media accounts that rely on phone-based password resets. Crypto projects must prioritize more robust security measures, such as utilizing unique and complex passwords, implementing hardware keys for authentication, and enabling password reset protection that requires both email and phone number verification.
To enhance personal security, individuals should consider using long and unique passwords, along with hardware keys for second-factor authentication. Enabling password reset protection, which requires both email and phone number verification, adds an extra layer of security. It is also advisable to have a dedicated phone number solely for security purposes, limiting its distribution to prevent potential vulnerabilities.
By implementing these measures and continuously educating users about potential threats, the crypto industry can work towards a safer and more secure environment for all participants.