- The renowned animator and NFT artist DeeKay Kwon had his Twitter account with over 179,800 followers hacked earlier this morning.
- The hacker published a link to a phishing website instructing users to approve a malicious transaction under the pretense of claiming an exclusive NFT drop from the artist.
- After the victims approved the transaction, the hacker drained their wallets, stealing approximately $150,000 worth of NFTs from multiple victims.
Share this article
The renowned Korean NFT animator DeeKay Kwon has had their Twitter account hacked and exploited to perform a phishing attack early Friday morning.
DeeKay Twitter Followers Phished for Over $150,000
A hacker has compromised the Twitter account of the famous NFT artist DeeKay Kwon to execute a phishing attack on his followers.
The incident occurred early Friday morning when a hacker compromised the Korean animator and NFT creator DeeKay Kwon’s Twitter account to post a phishing link to a fake website. The post lured Kwon’s followers into signing transactions from a malicious smart contract by announcing he was launching a new, exclusive NFT collection. “The LetsWalk Collection Airdrop is now live! Only 1,000 lucky people are able to claim! Good luck!” the message posted on DeeKay’s compromised Twitter profile with over 179,800 followers read.
The hacker included a link to a fake website miming DeeKay’s official frontend. The phishing site instructed the victims to claim the malicious NFTs, but when the victims agreed to the claim, they inadvertently approved a transaction that granted the attacker access to their wallets. From there, the attacker was able to steal valuable NFTs from the victims’ wallets.
According to on-chain data, the attacker began their looting at around 03:43 CET this morning, ultimately pocketing about 65 NFTs from multiple victims before Kwon could retrieve his Twitter account and delete the malicious post. The attacker seems to have been able to sell between $80,000 and $91,000 of NFTs and has since transferred the ETH proceeds to another wallet. They still hold about 50 stolen NFTs worth around $52,000.
Approximately five hours after the attack began, Kwon commented on the incident on Twitter, saying that he got his account back and apologized for the event. “I got my account back. Apologies for this ugly event, and a sincere thank you to everyone who helped to inform others,” he said, adding that he was panicking for hours due to the incident. He also asked anyone affected by the phishing scam to comment on his post in order to connect and collaborate on a potential solution.
One of the victims who commented, going under the pseudonym CryptOmid.eth, said they were one of the people who got phished, losing four Cool Cats and three Azuki NFTs. “I clicked the sign button twice before I realized this seems shady,” the victim, who seems to be working as an engineer at Coinbase, explained in a related comment.
Phishing attacks like today’s seem to be becoming increasingly common in the crypto space. Only four days ago, on July 11, a hacker stole approximately $8.6 million in crypto assets in a phishing attack targeting Uniswap liquidity providers. The way both attacks were conducted is strikingly similar.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.