On April 1, 2022, Jay Chou posted on Instagram that the BAYC#3738 NFT he held had been stolen.
When everyone thought it was a joke, the hacker had already transferred and sold Jay Chou’s NFT.
How did April Fool’s hackers target Jay Chou’s NFT? How did it turn around? Although the process is simple, this NFT anti-theft tip may be suitable for JayChou.
How was Jay Chou’s NFT transferred?
It is understood that the NFT was presented by Huang Licheng in January this year.
After the inspection of the Chengdu Lianan technical team, it was found that Jay Chou signed the authorization transaction with the wallet address starting with 0x71de2 at around 11:00, and granted the NFT permission to the attacker wallet starting with 0xe34f0. Realize that your NFT is already at risk.
In the past few minutes, the attackers transferred the Boring Ape BAYC #3738 NFT to his wallet address at 11:07.
However, the hackers seemed to have their eyes on the Chinese pop king, and then stole one MAYC and two Doodles held by Jay Chou.
After the attacker succeeded, he sold the stolen NFT on LooksRare and OpenSea for about 169.6 ETH.
At present, the funds remain at the address starting with 0x6E85C. In this way, Jay Chou’s NFT was profited by hackers.
What are the risks of NFTs?
At present, the risks of NFTs can be roughly divided into two categories:
- The authorization problem of NFT itself (NFT holders can authorize other addresses as agents) may cause NFT permissions to be hijacked due to the misoperation of NFT holders (mainly phishing websites and insecure interface calls at the wallet level);
- The external risks introduced after NFT participates in the DEFI system, such as the security risks brought by the NFT pledge mining contract itself, are basically the same as the conventional DEFI risks.
In addition, we also need to guard against various fraudulent methods:
For example, scammers will privately message you links to fraudulent websites through Discord, or send fake transaction links to induce you to click. In addition, scammers will induce users to send their private keys or mnemonics to themselves through various means, so be sure to protect your private keys and mnemonics.
These fraud prevention guides you need to know
In addition to being alert to NFT hype, it is also necessary to guard against various NFT scam routines. The number and scope of NFT-related scams have also exploded in the past year, and everyone needs to take more precautions.
Pay attention to the identification of genuine and fake websites
Be sure to watch out for fake sites, especially phishing sites. Do not authorize lightly! Do not authorize lightly! Do not authorize lightly!
Do not reveal private keys or mnemonics
Protect your private key and mnemonic phrase and do not disclose it. Once compromised, your digital assets are likely already at risk.
Cancel wallet authorization in time
If you have authorized the wallet on the fraudulent website, you can go to the following two addresses in time to check the wallet authorization and cancel it in time: