- Gabriel Leydon’s Twitter account was hacked and a scam link was spread.
- Users who interacted with the scam link lost their cryptocurrency and NFTs.
- According to Leydon, an AT&T employee is behind the crime.
An unauthorized user took over the Twitter account of Gabriel Leydon, co-founder and CEO of Limit Break, the gaming startup behind DigiDaigaku. The account began sharing a link that was promoted as access to an allowlist to protect the mint of a free DigiDaigaku NFT.
When users interacted with the website and approved the transaction produced by the smart contract, the attacker stole cryptocurrency and NFTs from their wallets. Transactions on blockchain networks cannot be reversed by a third party.
Holy shit they hijacked account somehow and it asks for approvals for all your NFTs pic.twitter.com/rbxU0Rqf91— state (@statelayer) November 3, 2022
Dozens of NFTs were stolen, together worth tens of thousands of dollars in Ethereum. A Mutant Ape Yacht Club NFT was the most valuable of them and was sold by the attacker for $12.39 ETH. In addition, crypto worth $30,000 was taken from users.
Leydon has since regained control of the account and has put the blame on AT&T, a mobile carrier. He claims that an AT&T employee overrode his security protection and conducted an unapproved SIM swap.
For those who don’t know, a SIM swap attack is used to bypass two-factor authentication protocols. By taking over the mobile number in question, the attacker can get access to protected accounts, including social media, where the account owner can be impersonated.
A message to the people pic.twitter.com/SdxjmBdOvo— Gabriel Leydon (FREE,OWN) (@gabrielleydon) November 3, 2022
According to Leydon, an employee got through the protections placed on his AT&T account. He shared that Limit Break is in talks with the firm regarding the allegations.
The attack is under investigation, and users who have lost their assets will be supported. Leydon shared that the situation is shocking and that they will help affected individuals upon verifying that they were attacked.
Reputed pseudonymous blockchain investigator ZachXBT tweeted that the attack appears to be connected to Monkey Drainer, a scammer who recently took crypto assets and NFTs worth millions of dollars.