{"id":48667,"date":"2021-09-01T11:44:04","date_gmt":"2021-09-01T08:44:04","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=48667"},"modified":"2025-09-02T08:35:58","modified_gmt":"2025-09-02T05:35:58","slug":"phishing-attack-on-nft-project-nets-hacker-over-1-million","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/phishing-attack-on-nft-project-nets-hacker-over-1-million\/","title":{"rendered":"Phishing attack on NFT project nets hacker over $1 million"},"content":{"rendered":"<p>Messari analyst Chase Devens was among the victims of a phishing attack on the NFT drop of the Aurory Project on the Solana blockchain. The attacker drained wallets of victims of cryptocurrency and NFTs worth more than $1 million.<\/p>\n<p>Presumably, he cloned the Aurory Project site (app.aurory.io), on which the drop was due to launch at 18:00 (MSK) on August 31, and placed it on the aurory.app domain.<\/p>\n<p>Then the hacker began promoting the fake link in Aurory&#8217;s Discord chat. When the link was clicked, victims&#8217; wallets were emptied.<\/p>\n<p>One of those who fell for the scam was Devens himself.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cA friend copied the message from Discord into our Slack channel. I thought he checked the link and was the first in the group to click it. All 15,000 SOL and NFTs were stolen,\u201d he explained.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Sad day.<\/p>\n<p>Participated in the <a href=\"https:\/\/twitter.com\/AuroryProject?ref_src=twsrc%5Etfw\">@AuroryProject<\/a> drop and wasn\u2019t able to mint any NFTs. A friend copy pasted a message from the Discord into our slack channel, thought he had DD\u2019d it. I was the first one in the group to click it and had $15k SOL and all my NFTs wiped \ud83d\ude30<\/p>\n<p>1\/<\/p>\n<p>\u2014 \u034fc\u034fh\u034fa\u034fs\u034fe \u034fd\u034fe\u034fv\u034fe\u034fn\u034fs (@chasedevens) <a href=\"https:\/\/twitter.com\/chasedevens\/status\/1432742408991690753?ref_src=twsrc%5Etfw\">August 31, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAurory Project just drained my wallet via a scam. My life is ruined. But I\u2019m to blame \u2014 I opened app.aurory, thinking it was your app,\u201d wrote one user.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/AuroryProject?ref_src=twsrc%5Etfw\">@AuroryProject<\/a> just got my wallet drained from a scam \u2026 <a href=\"https:\/\/t.co\/bVT7p4LsTM\">https:\/\/t.co\/bVT7p4LsTM<\/a> \u2026 my life is in shambles \u2026 it\u2019s my own fault \u2026 i typed in <a href=\"https:\/\/t.co\/bVT7p4LsTM\">https:\/\/t.co\/bVT7p4LsTM<\/a> thinking that was your app \u2026. i am so sorry<\/p>\n<p>\u2014 King Maven (@KingMaven_) <a href=\"https:\/\/twitter.com\/KingMaven_\/status\/1432711052509200385?ref_src=twsrc%5Etfw\">August 31, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>At some point, the attacker\u2019s <a href=\"https:\/\/explorer.solana.com\/address\/AUrox7sHx1L8mxEPrNqkVjHa16CXQ73UbgZtZTNPNLjx\">address<\/a> contained more than 10,600 SOL worth over $1.1 million. He also acquired several hundred NFTs, including tokens from the Bold Badgers, Aurorians, SolRock, SolBears and Degenerate Apes.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cLast night I pulled off a deal with Degenerate Ape Academy for a profit of 70 SOL and felt on top of the world, knowing I still had the NFT monkey Michael Jordan in my pocket. It\u2019s gone forever,\u201d added Devens.<\/p>\n<\/blockquote>\n<p>As of writing, the hacker\u2019s account had 184 tokens left. He sold a substantial portion of the assets via the NFT platform Solanart.<\/p>\n<p>The Aurory Project team acknowledged issues with the token mint start \u2014 allegedly due to server overload, not all users learned of the launch. They said the NFTs were sold out in three seconds.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">So first of all, sorry for the people who encountered an issue during the sale..<\/p>\n<p>The issues we encountered :<br \/>\u2014 Dedicated RPC server (312 cores) got slammed and people didn\u2019t saw when the mint started<br \/>\u2014 Error was present for the mint price in the smart contract, 1 instead of 5<\/p>\n<p>\u2014 Aurory (@AuroryProject) <a href=\"https:\/\/twitter.com\/AuroryProject\/status\/1432735137628839936?ref_src=twsrc%5Etfw\">August 31, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier, a collector<a href=\"https:\/\/u1f987.com\/en\/news\/collector-pays-335000-for-banksy-nft-authenticity-of-the-work-questioned\"> paid 100 ETH (~$335 000)<\/a> for an NFT, allegedly by the anonymous artist Banksy. A few hours later, a duplicate token was sent to him.<\/p>\n<p>Subscribe to ForkLog news on <a href=\"https:\/\/www.facebook.com\/forklog\" target=\"_blank\" rel=\"nofollow noopener\">Facebook<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Messari analyst Chase Devens was among the victims of a phishing attack on the Aurory Project NFT drop on the Solana blockchain. The attacker drained wallets of crypto and NFTs worth more than $1 million.<\/p>\n","protected":false},"author":1,"featured_media":48668,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1213],"class_list":["post-48667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-nft"],"aioseo_notices":[],"amp_enabled":true,"views":"17","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/48667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=48667"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/48667\/revisions"}],"predecessor-version":[{"id":48669,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/48667\/revisions\/48669"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/48668"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=48667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=48667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=48667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}