One by one, NFT artists were approached by a mysterious and eager fan from South Korea. He wanted to pay them, well, for a new work of art, the details of which were in an email attachment. You can guess what happened next: the attachment contained a virus designed to sniff out and send away a user's crypto. You can read a great technical summary of the incident here.
Here are three take-aways from the story:
First, that crypto has the smartest and most incentivized hackers in the world. Whoever was behind this, and it was likely a group, did their homework. They carefully selected their victims, stalked them, created a convincing cover story, and then attacked with a novel virus. Only the paranoid survived. One artist was able to save part of their portfolio because they connected their MetaMask account to their hardware wallet (take note). Another by refusing to download strange files in the first place (also take note). Always go the extra mile to secure your portfolio, because hackers will go the extra mile to take it from you.
Second, that you should be careful when talking about your crypto activities or portfolio to others. Even an innocent Reddit post or Tweet could make a hacker look your way. Imagine how many ways someone could fool you into downloading a file. If you work in real estate, they could impersonate a landlord sending a lease agreement. If you teach dance, they could impersonate a potential client sending a practice clip. Stay mum.
Third, that it's always good to have a tech geek friend whom you can sanity check things with in crypto. Whenever I'm on the fence about something or see an opportunity that appears too good to be true, I immediately sanity check it with my network. That process would have likely prevented the crypto thefts.
Incidents like this will rise exponentially over time. The success of this attack will motivate the same group or others to expand their ambitions. Copycats will repurpose the virus. Be careful, and if you're ever in a situation where you want a quick second opinion, send us an email.
Enjoyed this article? Please share it, follow us on Twitter, and subscribe to our free Friday newsletter! It helps us out and keeps your investing mind sharp. Win-win!