It’s an age-old NFT tale at this point; hackers manage to gain access to the social media account of a legitimate and known firm and try to trick its followers into handing over their NFTs. This has happened to everyone from the Bored Ape Club to even OpenSea.
The latest victim of this is the metaverse platform the Sandbox. On September 8, 2022, the platform’s official Instagram account was hacked. Following this hack, the criminals touted a fake raffle and also approached users under the guise of wanting to ‘rent’ their NFTs.
The Sandbox Under Attack
One of the first changes made after the Instagram account was compromised was to the URL in the page’s bio. At least one person who clicked the link reported having their digital assets stolen later on. Along with this, a fake giveaway for season 4 LAND was being promoted in the same bio.
Even more bizarre, the hackers used the Sandbox Instagram account to contact users who they believed owned Bored Ape NFTs. This was based on the use of Bored Apes as profile pictures by users. When they reached out to these users, they asked to ‘rent’ their NFTs for 24 hours at a cost of 40 ETH.
This was confirmed by Sandbox co-founder and chief operating officer Sebastien Borget on Twitter.
“Instagram account recovered. The hacker tried to rent Bored Apes Yacht Club NFTs – using our account. We would NEVER ask via DM and have contacted all users to notify them,” he tweeted.
The company eventually regained access to its Instagram account and is now trying to move forward in the aftermath. Hijacking a known firm’s account is a common tactic among criminals because companies like the Sandbox have a large following and user base and are well respected within the community.
While a user might be reluctant to click a random link promising free assets or respond to a DM from a random user asking to rent their NFTs, they will trust it more if it is coming from a company on the level of the Sandbox.
Also, it is quite curious that the hackers were asking to rent people’s NFTs. Over the last few months, there has been more emphasis on ways to make money from NFTs besides selling them. These include loaning them out for a fee and licensing them commercially. Clearly, the hackers knew this, and it factored into their plans to swindle users.
More Vigilance
As with every time something like this happens, it is important to reiterate vigilance among users. Even if it is shared by an official account of a company you know, clicking on links promising free NFTs that were never mentioned before, or giving access to your NFTs via Instagram DM, is a bad idea.
While the activities of hackers cannot be entirely stopped, they can be reduced significantly with a bit of effort on the part of asset holders.