Key Takeaways
- A hacker tricked Creature Toadz NFT community members on Discord into sending 88 ETH via a fake mint.
- The hacker purportedly has been identified and has since publicly claimed responsibility for the attack.
- Since the incident, the hacker returned the funds to the Creature Toadz team, who are planning to refund them to users.
A hacker has returned over $340,000 in ETH to the Creature Toadz NFT project after posting a fake mint link in Discord. Despite the return of the funds, some members of the community are still insisting that the hacker be held to further account.
Hacker Claims Responsibility on Twitter
The upcoming Creature Toadz NFT project ran into a major roadblock this morning when an anonymous figure hacked their Discord server and tricked members into sending them over 88 ETH, worth more than $340,000 at the time.
Posing as a moderator, the hacker shared a web link purporting to let community members mint Creature Toadz in what was labeled a “stealth mint.” Before the link was revealed to be a scam, community members had sent roughly 88 ETH in total to the hacker’s address. The team said their Discord was compromised for about 45 minutes.
Surprisingly, however, the funds were later returned by the same hacker who stole them. Many believe the hacker did not have bad intentions and compared it to past attacks, such as those on Poly Network and Cream Finance, after which the funds were returned.
In an insane turn of events, the hacker has returned all the money he stole!!! This is one of the craziest nights of my life. All the affected will be refunded fully in ETH. pic.twitter.com/zNa1K6COuv
— CreatureToadz NFT (@CreatureToadz) October 20, 2021
In reality, on-chain analysis had already revealed the hacker’s identity.
OKHotshot, an anonymous NFT analyst, tracked down the identity behind the ETH address that received funds from the fake NFT minting contract used by the hacker.
Speaking with Crypto Briefing, OKHotshot said that by analyzing the paper trail left by the hacker’s Ethereum transactions, he connected the hacker’s identity to a Twitter user called HEERR.
During a post-hack Twitter Spaces discussion hosted by NFT investor and writer Andrew Wang with the Creature Toadz community, HEERR publicly claimed responsibility for the Discord hack.
OKHotshot, who was a speaker in the same Spaces discussion, spotted that the purported hacker was present as a listener. OKHotshot then called out the hacker directly and publicly requested that he return the funds.
.@CreatureToadz after finding out the scammer was (is) in our spaces I called him out directly “do the right thing, give the ETH back”. Now it turns out the scammer listened and returned the 88 ETH back to team: pic.twitter.com/3KnHfMBTcz
— OKHotshot.eth (@NFTherder) October 20, 2021
HEERR, whose real name is still unknown, joined in as a speaker and incriminated himself in the Discord hack. Claiming to be a 17-year-old male high school student, the hacker said, “it was a joke,” and that the original plan was to return the funds.
OKHotshot told Crypto Briefing that he did not believe the hacker did this as a joke or a mere stunt. He said that “claiming innocence is the only way out to avoid legal troubles” before adding that he was “going to nail his real-world identity regardless of their admittance.”
Soon after the Twitter Spaces session was over, the hacker returned all the funds to the team’s address. Meanwhile, the Creature Toadz team has decided not to press charges. They are now planning to refund members tricked into sending ETH to the hacker.
The incident raises questions about Discord’s security capabilities. In today’s incident, the exploit stemmed from a vulnerability tied to Webhooks, a Discord feature used for automated messages. Many in the NFT community, including OKHotshot, have reported that scammers have been using this vulnerability to hijack Discord bots.
The genuine minting phase for Creature Toadz is scheduled to launch tomorrow.