The Twitter account of the digital creator and NFT artist Mike Winklemann, otherwise known as Beeple, was compromised on Sunday and used to promote a significant phishing scam. His account was hacked to share a dodgy link presumable to a website of the famous fashion designer Louis Vuitton. (Beeple first collaborated with the fashion brand back in 2019.)
Soon after the phishing attack, several crypto security analysts took to Twitter to alert others of this phishing scam.
Harry Denley, a security analyst at Metmask/MyCrypto, was the first person to notice the phishing attack and alerted the individuals that the recent tweets on Beeple’s account had a link directing to a phishing scam. He tweeted, “Beeple’s Twitter account has been hacked (ATO) to temporarily share a phishing link that, if clicked on, would steal users’ crypto funds.”
⚠️ Beeple’s Twitter account has been compromised (ATO) to post a phishing website to steal funds.
— harry.eth 🦊💙 (whg.eth) (@sniko_) May 22, 2022
The phishing link, which appeared to be a raffle of a Louis Vuitton collaboration, was actually aimed at wiping off crypto out of users’ wallets. According to Denley, when users clicked on the link, one Ethereum (ETH) was automatically stolen from their crypto wallets. The link attracted people with the promise of offering a free mint for rare NFTs (non-fungible tokens).
The criminals were most likely attempting to steam funds off an actual recent partnership between Beeple and the fashion brand. In the collaboration, Beeple created 30 NFTs for Louis Vuitton’s “Louis The Game” mobile game in May. These NFTs were meant to be used as incentives for players of the game.
Beeple’s Twitter Account Hacked!
The phishing links were live on Beeple’s Twitter account for roughly five hours, and it appeared that the criminals drained around 36 ETH from users’ wallets, which was worth nearly $73,000 during that time. During an on-chain investigation, it was also highlighted that the bad actors continued to use the artist’s Twitter account for another, more sophisticated phishing scam. The second scam drained roughly $125,000 in ETH, $166,000 in NFTs, and $75,000 in WETH from users’ wallets. Some of the NFTs that were stolen during the attack include the Mutant Ape Yacht Club, Otherdeeds, and VeeFriends. This brought the total stolen funds in both the phishing attacks to around a whopping $438,000.
After he got control over his Twitter account, Beeple tweeted that his account was “back to normal” and “we have control now.” He also added: “Stay safe out there. Be mindful of anything that appears too good to be true; it always ends up being a phishing scam.”
Multiple users replied to Beeple’s tweet to report their funds being stolen from their crypto wallets, and to ask if he could help them recover their money or NFT collectibles. Others blamed him for his poor cybersecurity practices which led them to lose their funds.
Reported Phishing and Cyberattacks
Phishing scams like this are common in the cryptocurrency ecosystem, particularly on Twitter. Back in March, a phishing scam compromised the Twitter accounts of several verified users to drain more than $1 million in a fake Apecoin airdrop.
Beeple, who is known for his unique digital art and NFT creations, sold three of the top ten most expensive NFT artworks in the history of the NFT sector. Last year, he sold an NFT artwork for approximately $69.3 million at Christie’s auction house, breaking all the records in the NFT sector. Additionally, he’s also collaborated with pop singer Madonna for his recent horror-inducing NFT.
He’s always been a target for cybercriminals — in November, hackers hacked an admin account on his Discord channel to promote a fake NFT launch, resulting in a significant loss of around 38 ETH.