Hot Hong Kong NFT project Monkey Kingdom loses US$1.3 million in hack, exposing security concerns
- A hacker stole an administrator account of the project’s group chat on Discord, a popular online instant messaging service
- Monkey Kingdom fraud is the latest in a series of scams seen in the space in recent months as the popularity around NFT reaches fever pitch
Popular non-fungible token (NFT) project Monkey Kingdom, founded by entrepreneurs in Hong Kong and promoted by celebrities such as JJ Lin and Steve Aoki, had its group chat hacked on Tuesday, allowing a cyber thief to steal nearly US$1.3 million worth of cryptocurrencies with a phishing link.
A hacker stole an administrator account of the project’s group chat on Discord, a popular online instant messaging service, and posted a phishing link in the group chat on Tuesday, just as the project kicked off a new sale in earnest. Buyers lost more than 7,000 Solana, a popular cryptocurrency, to the scam, which amounts to nearly US$1.3 million.
Phishing is a common form of online fraud often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. It is now being used to breach access to users’ cryptocurrency wallets.
This is the latest in a series of scams seen in the NFT space in recent months as the popularity around NFT reaches fever pitch. Sales volume of NFTs surged to US$10.7 billion in the third quarter of 2021, up more than eightfold from the previous quarter, according to data from market tracker DappRadar.
Launched on November 27, Monkey Kingdom, which comprises 2,222 digital portraits of the mythical hero Monkey King dressed in different styles, has quickly become one of the most talked-about NFT projects in Asia, with endorsements from celebrities including Steve Aoki, JJ Lin and Ian Chan of the Hong Kong-based boy band Mirror.
In addressing the hack, the project made a post on Twitter on Tuesday, saying: “At 10:00pm HKT when our presale began, our Announcement channel on Discord was hijacked by a bot named ‘Monkey Kingdom’ while our website was experiencing traffic. A discord webhook got compromised and posted a phishing link to the Announcement channel.”
A Monkey Kingdom buyer, whose Twitter handle was “commenstar”, took to the social media platform to share his loss on Tuesday. “Guys I got drained 650 SOL,” the buyer said, “Never thought it was not a legit mint link in [the] official discord [channel.”