If the head of a crypto firm can lose nearly $2 million in assets from a hack, you can, too.
It suffices to say, if you happen to be the head of a prominent crypto startup and you end up losing a substantial amount of your currency due to a crypto hack, it likely won’t go over too well with investors. Unfortunately for Arthur Cheong, he became a victim of that very circumstance. According to Vice, Cheong suffered a total loss of $1.7 million worth of NFTs which were siphoned directly from his wallet by hackers.
Cheong, who is the founder of the crypto startup Definance Capital, believes that the attack on him and his firm was a carefully orchestrated “social engineering attack” which likely came about because of an undetected phishing scam. Upon narrowing down where he thought the source of the crypto hack came from, Cheong posted a warning on his Twitter account to alert all crypto investors. The tweet explained that a phishing communique had likely been engaged with because it looked to be legitimate. Engaging with the malicious communique is what made his assets vulnerable to the crypto hack. He concluded the tweet with a photo and emphasized that “they are likely targeting all crypto peep.” Take a look at Cheong’s post below.
To understand why Cheong’s assets were made so vulnerable by this phishing scam it’s first important to understand how these targeted attacks work. First, the cybercriminal must research the company or target and pick out relevant information that the crypto holder would find pertinent to them or their institution. They then have to craft an email that would suggest to the target that what they are receiving is genuine.
In Cheong’s case, the email looked like it had come from a client of his, and nothing in the email suggested that it was the result of a fraudulent design. Since Cheong thought what he was looking at was the real thing, he interacted with the malicious content. The dupe ultimately resulted in him becoming the victim of a successful crypto hack.
However, there is one key element that was in place, and had it not been Cheong would have walked away from this incident with his assets intact. The reason why the crypto hack was a success, apart from the fact that Cheong willingly fell right into the con artist’s trap, was because he had his currency stored in a hot wallet versus a cold one. A hot wallet is a crypto wallet that has an active connection to the internet. Whereas crypto stored in cold wallets do not have that same active connection.
Essentially, that internet connection was the final avenue the cybercriminals needed access to in order for them to accomplish the crypto hack. Unfortunately for Cheong, he not only gave them the directions to his house, but he also left the keys in his door so they could walk right in and help themselves. Learning his lesson the hard way he stated, “Guess no more hot wallet usage then.”
Even though Cheong will likely steer clear of using hot wallets going forward, he still has quite a mess to sift through in order to recover all of his lost assets. And at this point, it remains uncertain if he will ever be able to. However he did kindly ask via Twitter, “If you bought my stolen NFT (mainly Azuki and CloneX), appreciate if you can hold it first. I will contact you all when I get my stuff sorted,” wrote Cheong.