The cool side of the blazing crypto ecosystem.
A Web 3.0 newsletter covering the latest news that matters.

What’s in today’s crime cooler:

• Summary of What Happened

• What is the Impact on Users, Businesses, and Funds

• How to be More Secure in the Future

• Final Thoughts

The Gutter Cat Gang, a popular Ethereum-based Non-Fungible Token (NFT) collection, suffered a significant phishing attack on their official Twitter account.

The attack also compromised the account of one of the project's co-founders. The hacker managed to steal at least 87 NFTs from 16 different users, resulting in a loss estimated between $750,000 and $900,000. One of the victims lost a Bored Ape, a blue chip for those who aren’t familiar, artwork that had been sold for $125,000 in September 2021. The hacker has since sold some of the stolen assets for around $640,000.

The attacker exploited the Twitter platform to promote a fake "public airdrop" of GutterMelo, a legitimate Gutter Cat Gang collection. They posted a phishing link that, when clicked, drained the connected wallets of their assets. Adrian Hetman from Immunefi explained that in such attacks, victims usually interact with a malicious contract, giving it approval to spend tokens on their behalf. Once this approval is granted, the hacker can transfer the user's NFTs at will.

Two days after the attack, the Gutter Cat Gang posted a debrief on Twitter, expressing remorse and stating that they are working with law enforcement and taking steps to prevent future attacks. However, there was no mention of compensation for the victims, which disappointed many followers. Despite the hack, the Gutter Cat Gang claims to have been using multi-factor authentication and other security measures. However, it remains unclear what these measures were. The incident has raised questions about the security measures employed by crypto projects for their social media accounts.

Users:

The most direct impact was on the 16 users who had their NFTs stolen. They lost valuable digital assets, with one user losing a Bored Ape artwork that had previously sold for $125,000. The total estimated loss for users ranges between $750,000 and $900,000. Additionally, the attack likely caused distress and loss of trust among the Gutter Cat Gang community, especially since there was no mention of compensation for the victims.

Businesses:

The Gutter Cat Gang, as a business, suffered reputational damage due to the hack. Their security measures were called into question, especially since they claimed to have been using multi-factor authentication and other security measures. The incident might have caused a loss of trust among existing and potential customers, impacting their business operations and future sales. Moreover, they might have to invest more in enhancing their security infrastructure to prevent such incidents in the future.

Funds:

The immediate financial impact was the theft of NFTs worth between $750,000 and $900,000. The hacker managed to sell some of the stolen assets for around $640,000. The long-term financial impact could be a potential decrease in the value of the Gutter Cat Gang's NFTs due to the loss of trust and reputation. Furthermore, the cost of improving security measures and potential legal expenses related to the investigation of the hack and working with law enforcement could also add to the financial burden.

There are many ways this hack could have been prevented from the user and project side.

• Strong Authentication Methods - Twitter provides three different forms of multi-factor authentication, MFA. Many people are making fun of Gutter Cat Gang for their MFA choice of SMS MFA, or text message MFA because it is the least secure by far. They should have enabled through an authenticator app and also an offline/hardware security key.

• Secure Wallets - Users should never click random links from anywhere on the internet with their valuable NFTs and assets in a wallet like MetaMask. Make sure your wallet is not connected to any sites you are unsure about. A simple rule of thumb is opening the link in another browser or a hot wallet that has little to no value in. This mitigates the risk of you clicking on a link and losing everything inside that wallet.

• Phishing Awareness - Everyone knows that phishing scams are everywhere but are getting harder and harder to spot. As Gutter Cat Gang states, they never offer any surprise drops or activations. This should tell you that they announce everything online in advance and across all channels.

Unfortunately no security measure is foolproof, these simple steps could have been taking on the user and project side and no NFTs could have been stolen.

Our Finals Thoughts on this hack; it’s unfortunate to see basic security implemented that could have stopped this entire hack. People are quick to blame the project but also users need to be cautious at all times and know this has happened before. We will learn and continue to grow from this.

Below is a visual representation of how this hack occurred.

Share the Crypto Cooler

We can hardly contain our excitement as we grow we want to gear up and unveil a brand-new referral program. We want to hook you up with some cool rewards, including stickers, nifty dad hats, and more.
Stay tuned to be rewarded!

Disclaimer: The information shared in this newsletter is for informational purposes only and should not be considered financial advice. It is crucial to conduct independent research and consult with a financial advisor before making any investment decisions.