Chase Devens, Messari analyst, became one of the victims of a phishing attack on the token issuance of the NFT Aurory Project on the Solana blockchain. The attacker stole cryptocurrencies and non-fungible tokens from the victims’ wallets. The estimated total loss is over $ 1 million.
It is likely that the hacker cloned the Aurory Project site (app.aurory.io) where the drop was to start on August 31 and posted it to the aurory.app domain.
The hacker then started promoting the fake link in Aurory Project’s Discord chat. Following this link, the user saw his wallet absolutely emptied.
One of those who fell into the intruder trap was Devens.
“A friend copied a post from Discord to our Slack channel. I thought he had checked the link and was the first in the group to click on it. The 15,000 Solana and non-fungible tokens were stolen, ”he explained.
“Aurory Project just emptied my wallet through a cyber scam. My life is ruined. But, it’s my fault, I typed on app.aurory, thinking it’s your app, ”one user wrote.
The attacker’s address temporarily contained over 10,600 Solana worth over $ 1.1 million. He has also obtained several hundred non-fungible tokens, including tokens from the Bold Badgers, SolRock, SolBears and Degenerate Apes series.
“Last night I made a deal with Degenerate Ape Academy with a profit of 70 Solana and felt on top of the world knowing I always had the monkey-NFT Michael Jordan in my pocket. She’s gone forever, ”added Devens.
At that time, there were 184 tokens left on the hacker’s account. He sold a large part of the assets via Solanart’s NFT platform. The Aurory Project team recognized issues with the start of token minting and allegedly due to server overload, not all users were able to find out more at first. According to them, all non-fungible tokens were sold in 3 seconds.
They also reported that they made a mistake in the smart contract and that users issued tokens worth 1 Solana, not 5 Solana as it was supposed.
Recall that previously, a collector had paid 100 ETH (approximately $ 335,000) for a non-fungible token, which was ostensibly the work of an anonymous artist Banksy. However, a few hours later, he received a duplicate of the token.