If you’ve been on the internet for long enough, you probably know some of the common scams to watch out for; fake inheritance scams, dodgy software downloads, and, of course, phishing.
Phishing scams are when a fraudster sends a message pretending to be a legitimate company asking you to log in to your account. You know, the often poorly-done emails claiming that your PayPal account is going to get shut down if you don’t log in now.
The goal of phishing scams is to collect usernames and passwords and then steal from whatever accounts the details belong to. While there is a wealth of information on how to identify and avoid these scams, even the best of us can get caught up.
Case in point, Arthur Cheong, the founder of DeFiance Capital, a venture capital fund with a focus on DeFi, lost over $1.7 million in NFTs from his personal wallet. This happened after he fell victim to a phishing scam.
Details About the Scam
In a now-deleted tweet from March 22, 2022, Cheong explained that not only was he a victim of a scam but that he now fears for everyday people with less digital experience.
“Well, this hit me hard but if I got exploited as a fairly sophisticated 5 years crypto user (DeFi user, password manager, mostly hardware wallet), I’m not sure how I can persuade most normal people to put a substantial part of their net worth on chain anymore,” the tweet said.
It was also revealed that the NFTs had been kept in a hot wallet (a wallet connected to the internet) as opposed to a cold wallet (which is not). As for the NFTs stolen, a security company called PeckShift published an analysis of the situation.
As per their estimations, about 60 NFTs were stolen, all of which were from top collections. Some of the collections include CloneX, Azuki, Hedgies, and Second Self.
The email that caused the hack, according to Cheong, appeared to be from one of DeFinance’s portfolio companies. After a file attached to the email was clicked, Cheong’s password was compromised and the NFTs stolen.
This is a common feature of phishing emails, especially the more sophisticated ones. While the poorly-done ones might be spotted rather easily, some of the better ones can be so convincing that even someone like Cheong would believe that they were real.
Staying Safe With Crypto
While Cheong has since deleted his tweets and had not given any official comment on the matter, this is not a unique situation. It has been estimated that millions of dollars are lost each year to phishing schemes and unfortunately, they show no signs of stopping.
What can be done is to educate NFT users on how to identify phishing schemes and put as many measures in place to make sure that they don’t fall victim. If this can be done, hopefully incidents like Cheongs can be a thing of the past.