They appear to have authorized a malicious Dapp to transfer their tokens, leading the assets to be drained immediately.
NFT Influencer CryptoNovo announced on Jan 4. that they have fallen victim to a cyberattack and lost two cryptopunks. The post on Twitter says “I just got hacked!!! Are you kidding me!?!” and includes a screenshot from OpenSea displaying two cryptopunks being transferred to another address.
I just got hacked!!!
Are you kidding me!?! pic.twitter.com/r1xS0mhD6P
— CryptoNovo (@CryptoNovo311) January 4, 2023
The two cryptopunks were immediately sold by the attacker, one for 70 ETH (worth an equivalent $88,434 at time of publication) and the other for 199 ETH ($251,404). This implies that CryptoNovo lost over $300K worth of cryptopunks in the attack.
The record of cryptopunk#4608 allegedly being transferred to the attacker’s wallet, moved to another wallet, and then sold for 199 ETH. Source: OpenSea
Numerous other NFTs were apparently taken from the influencer, including Meebits, CloneX, Mutant Ape Yacht Club, and Bored Ape Yacht Club items.
CryptoNovo’s iconic green-beanie-wearing punk, #3706, appears to have been saved from the attack, although the owner also appears to have sold the item. While the previously mentioned items went to a known phishing address, the cryptopunk #3706 was sent to a completely different address and sold for 75 ETH ($94,751). This address has also received items from thenovoverse.eth, an ENS domain that has itself received items from CryptoNovo’s official wallet address in the past. These facts may imply that the sale of this particular item was possibly done by the owner rather than an attacker.
Cryptopunk#3706. Source: OpenSea
CryptoNovo is an NFT influencer with over 18,000 Twitter followers . He is known for wearing masks that make him look like the green-beanie-wearing cryptopunk he first purchased in 2020.
Although CryptoNovo claimed the attack was a “hack,” Twitter user @__proper has pointed out that this is more likely to have been caused by phishing. Just after the green beanie cryptopunk was transferred to a safe address, CryptoNovo made several token authorizations to an unknown smart contract. It is this contract that subsequently used the transferFrom function on various NFTs to move them from the influencer’s wallet. This implies that someone may have tricked him into authorizing a malicious Dapp to move his tokens.
Really sorry this happened and I hope you're able to get the pieces back. If it's any help, it looks like you may have a signed a txn granting an allowance to https://t.co/8Lpr10A3sz pic.twitter.com/pNMt5xrN0F
— proper (@__proper) January 4, 2023
Related: Magic Eden NFT service hacked, shows porn instead of correct images
Someone also appears to be impersonating CryptoNovo on Discord. 9 hours after the attack occurred, he posted an image of a Discord account that claims to be him, but which he says is a fake account.
I have not asked anyone for anything. DO NOT send anything to anyone using my name and account number! The discord you see below is a fake account. A couple other CryptoPunks owners have scammers acting as them as well. pic.twitter.com/9YWcTLYAJd
— CryptoNovo (@CryptoNovo311) January 4, 2023
Cryptopunks was one of the first “generative digital art” NFT collections or collections of art objects generated by an algorithm. It was released in June, 2017, and its individual units were given away to anyone who could pay the gas fees to mint them. Today, cryptopunks sell for an average price of over $1,000, according to nftstats.com.
The collection has inspired thousands of other generative NFT collections, including Bored Ape Yacht Club, Mutant Ape Yacht Club, Meebits, and others.