Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
An attacker has successfully compromised the Twitter accounts of popular NFT project Gutter Cat Gang and its co-founders, and used them to post phishing website airdrops claiming to be new NFTs. Instead of receiving the promised tokens, those who authorized contracted their wallets to be emptied. One victim lost 36 NFTs, including a Bored Ape NFT they bought for about $130,000. In total, the attackers managed to steal between $750,000 and $900,000 worth of NFTs, depending on how the resale value was estimated. The next day, the Gutter Cat Gang announced that they had regained control of the Twitter account and deleted the malicious tweet. They said they were cooperating with law enforcement investigating the theft but, to the dismay of some victims, did not describe any plans to compensate those whose assets were lost. Attack method (per SlowMist): Account Compromise. Reported loss: $ 800,000.
- chain
- —
- protocol
- Gutter Cat Gang
- bug_class
- phishing
- date_occurred
- 2023-07-07
- loss_usd
- $800,000
- source_id
- sm:gutter-cat-gang::2023-07-07