bitcoinBTC/USD
$ 19,270.69
ethereumETH/USD
$ 1,062.38
tetherUSDT/USD
$ 1.00
cardanoADA/USD
$ 0.453639
xrpXRP/USD
$ 0.321628
usd-coinUSDC/USD
$ 1.00

Larry Lawliet Loses $2.7 Million in NFTs Amid Hacker Attack

The hacker seemed to have duped Lawliet into signing bogus transactions that gave them access to his NFTs and transferring them to themselves.

NFT collector Larry Lawliet was the victim of an alleged social engineering attack that resulted in the loss of seven costly Bored Apes and a number of other non-fungible tokens (NFTs).

The hacker seemed to have duped Lawliet into signing bogus transactions that gave them access to his NFTs, and through said access, the hacker was able to enrich their wallet with the NFTs transferred. 

Lawliet posted on Twitter that the hacker had stolen 13 of his NFTs, including seven Bored Apes, five Mutant Apes, and one Doodle. Based on the floor price of the NFTs stolen from Lawliet’s wallet, his complete losses from the attack reach the sum of $2.7 million.

The issues of Larry Lawliet began when an attacker who is presumably the same individual gained control of yet another NFT collection named Moschi Mochi’s Discord server and mentioned another mint through a bogus statement. Members of the Moschi Mochi community were invited to take part in an extra mint of 1,000 NFTs for a shot to earn a raffle of over $25,000.

Lawliet communicated with the bogus mint and sent 0.49 Ethereum (ETH) in return for 14 of the scam NFTs, according to his wallet address on Etherscan. Lawliet’s transaction data indicates a lot of “set approval” transactions just after the transfer.

The hacker’s “0xD27” address was set as an approved address in all of these set approval transactions. When verifying these transactions in his own wallet, Lawliet was duped into using the “setApprovalForAll” method.

The fact that when someone confirms a blockchain transaction using an in-app browser like MetaMask, it’s not always evident what permissions they’re providing to the website is crucial. In this instance, the victim mistook the transactions for routine ones, when in reality he was literally handing his NFTs to the hacker.

However, MetaMask has a function that allows users to view the true extent of the transactions prior to their execution. This stage is selecting the “details” tab, which provides information about the transaction, including critical details such as the addresses that have been approved. Traders may not always verify this amid the frenzy for an NFT mint.

The setApprovalForAll contract call permitted the hacker to execute the “transferFrom” contract call, allowing them to move all of the victim’s Bored Apes to their own wallet. A call is a programming construct that enables a user to run the code of another contract, which in this scenario constitutes the means of transferring NFTs from the target to the perpetrator.

After gaining possession of the victim’s NFTs, the attacker began transferring them to a separate wallet. The hacker was able to steal the Bored Apes as well as other NFTs such as Mutant Apes and Doodles using this approach.

Social engineering assaults targeted at stealing valuable NFTs continue to target holders of prominent NFT collections like BAYC. The collection has a floor price of over 118 Ethereum (ETH), equivalent to $320,000 at present.

In the wake of occurrences like this, security specialists recommend using “burner wallets,” or addresses with only a little amount of money to meet gas costs. As a result, if the transaction is a phishing scam, the victim’s losses will be greatly reduced.

Validating transaction data before authorizing could also be a good precaution. Approvals should only be given to “trustworthy contracts” with long transaction history, according to Tal Be’ery. 

Web wallets, like as MetaMask, display transaction data and might be invaluable as a means for phishing attacks detection.

Also read:

Related News

Updates have been provided on the current service freeze and new recovery efforts were outlined by the company.

Potential Solutions Are Being Considered By Celsius

Strategic deals and liabilities restructuring are being explored by Celsius. Updates have been provided on the current service freeze and new recovery efforts were outlined by the company. On June 12th, all transitions, withdrawals, and swaps were put on pause by Celsius and as of now, the company is looking for ways to recover. “Important steps to preserve and protect assets and explore options” are being taken by the company, per

Read More »
As the withdrawal function remains halted, the company is continuing to engage with investors interested in the Recovery Value USD (rvUSD).

Withdrawal Resumption Plan Is Not Moving Forward, CoinFLEX Backs Down

Withdrawals will not be resumed as anticipated, following a halt last week, CoinFLEX announced. As the withdrawal function remains halted, the company is continuing to engage with investors interested in the Recovery Value USD (rvUSD). After the token sale is completely carried out, CoinFLEX will disclose the process for permitting withdrawals, stated CEO Mark Lamb. “Extreme market conditions and continued uncertainty involving a counterparty” led CoinFLEX to hit a pause

Read More »
Just recently, the company had to reduce over 1% of its global workforce, making Coinbase vulnerable to the current market crash.

Coinbase Looking to Expand In Other Countries

Following the layoffs and rescinding of employment offers, the cryptocurrency exchange Coinbase intends to grow deeper into Europe. The intentions to register in nations such as Italy, Spain, France, and the Netherlands, were announced by Nana Murugesan, vice president of the California-based crypto exchange. Countries such as Germany, Ireland, the United Kingdom, and even Switzerland, where the first employee was hired recently, already have Coinbase as a licensed crypto exchange.

Read More »

My Coins

bitcoinBitcoin
$ 19,270.690.28%
ethereumEthereum
$ 1,062.380.68%
cardanoCardano
$ 0.4536390.36%
tetherTether
$ 1.000.18%

Newest Videos on YouTube

We inform and educate people about Cryptocurrencies and Blockchain technology.

© Copyright 2021, All Rights Reserved,
Crypto Academy

Bitcoin

Contact Us

For any question conatct us through:

sales@crypto-academy.org

Disclaimer: All information and materials on this website are for educational purposes only. Crypto-academy.org does not provide any form of financial advice. Cryptocurrencies are highly volatile, therefore any form of investing carries a high level of risk to your capital. It is recommended that you seek professional advice prior to implementing any investment or financial plan.

We do not ask you for your Cryptocurrency / We do not hold your Coins / We do not ask for Private Keys / Be aware of scammers and imposters.

Contact us only through: sales@crypto-academy.org