In May 2022, an attacker stole 29 Moonbirds NFTs from their owners.  These NFTs are worth an estimated combined $1.5 million.

Inside the Attack

The Moonbirds hack was an example of a phishing attack, which has become increasingly common in the NFT space.  Links distributed via Twitter, Discord, or other channels trick victims into using malicious sites that steal NFTs from their wallets.

In this case, the legitimate owners of the Moonbirds NFTs were targeted via Twitter and were in the midst of negotiating a sale with the owner of the @DVincent_ account.  The attacker insisted that the transfer occur on the p2peers.io platform rather than a more established and trusted platform such as NFTTrader.

While some owners of Moonbirds NFTs identified the site as illegitimate and evaded the scam, others fell for it.  Visitors to the malicious site were tricked into signing a transaction that transferred ownership of their Moonbirds NFTs to the attacker.  

In total, the attacker was able to claim 29 NFTs worth approximately $1.5 million before they were closed down.

Lessons Learned From the Attack

NFTs are valuable assets, and high-profile NFTs such as Bored Ape Yacht Club (BAYC) and Moonbirds have become common targets of scams.  Phishing attacks have become especially common in the NFT space since a link to a malicious site can be used to trick NFT owners into signing transactions that transfer their NFTs to an attacker.

Phishing attacks are a growing threat in the NFT space, so it is vital to validate links before clicking them.  Additionally, NFT owners should only use reputable platforms for buying, selling, or trading NFTs and should validate the contents of transactions before approving them.

Explained: The Moonbirds NFT Hack (May 2022)
Rob Behnke
05.29.2022