decrypt.co
An abrupt hostile takeover of the gold-checked Azuki Twitter account led to some users falling for yet another wallet-draining scam on Friday.
In less than 30 minutes, over $750,000 worth of USDC, 11 NFTs, and over 3.9 ETH were stolen through malicious links feigning as a “land mint” for the popular Azuki NFT project. The mint was fake, however, and the link instead sent unsuspecting users to a “drainer” contract that duped them into signing a transaction that swiped assets from their wallets.
A single user seemingly inadvertently sent over $750,000 worth of stablecoin USDC to the attacker’s wallet, per Etherscan data provided by Web3 security firm WalletGuard.
Scam Alert!
The Azuki Twitter is hacked, and has shared a fake land minting site that is a wallet drainer. pic.twitter.com/ndD9qPWzGk
— Fire (@_joinfire) January 27, 2023
Many NFT traders quickly realized that the suspicious Azuki tweets, which referred to the fake “surprise mint,” meant the account had been compromised. Within the hour, the official Azuki Twitter account appeared to have been removed from Twitter search results, and the malicious tweets were deleted.
Azuki Community Manager Rose quickly confirmed that the Azuki account had been compromised.
AZUKI OFFICIAL TWITTER ACCOUNT IS HACKED.
DO NOT CLICK LINKS FROM OUR ACCOUNT.
PLEASE RETWEET.
— Rose | 🌹🐰| ⛩🅱️NGL (@emilyrosemcg) January 27, 2023
MetaMask Security Research Harry Denley noticed the scam almost immediately and said that MetaMask has since blocked the malicious domain.
⚠️ Azuki twitter account takeover - offending tweet was tweeted on the twitter web app on a mobile device
MetaMask will soon block the domain when cache clears https://t.co/Cqc4gUbY7e pic.twitter.com/yQaTcY3LN5
— harry.eth 🦊💙 (whg.eth) (@sniko_) January 27, 2023
The Phantom wallet team has also marked the malicious domains as unsafe, alerting users who attempt to connect their Phantom wallets to the sites.
Azuki's Twitter has been compromised.
Do not visit any links posted from their account. We've already blocked several sites to keep our users protected.
Stay safe out there! pic.twitter.com/ma9j0ZRrPr
— Phantom (@phantom) January 27, 2023
An hour after the account was compromised, Azuki Head of Community and Product Manager Dem said in a Twitter Space that the Azuki team is in touch with Twitter and is trying to regain control of the account.
“We’re on top of the situation,” he said.
This isn’t the first time that the NFT collection has been targeted by scammers. In April 2022, a deluge of compromised verified Twitter accounts with Azuki profile pictures promoted airdrop scams in an effort to capitalize off the anime-inspired brand. And earlier this week, the Twitter account of trading platform Robinhood was similarly hacked to promote a crypto scam, though the hackers in this instance were only able to make away with roughly $8,000 in crypto.