All investment/financial opinions expressed by NFTevening.com are not recommendations.
This article is educational material.
As always, do your own research before making any kind of investment.
Blockchain Detective Uncovers Beeple Hack Scammers
Famous blockchain NFT security detective, ZachXBT, has found the fraudsters responsible for the recent Beeple hack in May. This hack resulted in a phishing scam being raised over $450 thousand for the fraudsters. Significantly, Beeple’s Discord was also under attack yesterday. Apparently the links to his Discord redirect his fans and followers to a replica server that will siphon NFTs and tokens from those who interact with it. The attacks on Beeple are the latest example of high-profile individuals being targeted to deceive their followers.
Beeple hackers stole over 450 thousand dollars!
Beeple is one of the most famous NFT artists in the world and has a significant following online, both in the NFT world and the wider art community.
In May, he tweeted an announcement of an upcoming collaboration with Louis Vuitton, along with a website link. In this tweet, he told his 700 thousand followers that this was a raffle, with an entry fee of 1 ETH. Significantly, Beeple also stated that lost listings would be refunded, making it a win-win situation.
However, there was a big problem. This was not Beeple tweeting. It was an elaborate hack. Fraudsters had managed to get hold of Beeple’s Twitter account and posted fake news alongside a link, which led to a phishing page. Due to the popularity of the artist and the value of his NFTs, many people rushed to enter and clicked on the link.
Within hours, Beeple got their account back, but unfortunately over $450 thousand (225 ETH) was stolen from people in that short period.
ZachXBT Investigates Massive Beeple Hack
ZachXBT is a pillar of the NFT community. He is a self-proclaimed on-chain scout who dedicates his free time to finding hackers and fraudsters on the blockchain. Since NFTs have exploded in popularity, fraudsters have attempted to exploit any vulnerabilities. People like ZachXBT are on the front lines trying to stop this from happening.
In the case of the Beeple hack, Zach has identified three people he believes are responsible for the attack. In a tweet this afternoon he said, “Time for an investigation into the @beeple Twitter hack that resulted in $450k+ being stolen, where those funds are now, and track down the three responsible.”
So who is responsible for the Beeple hack?
ZachXBT has identified Cam Redman, Two1/Youssef and another person named @bandage on Twitter, but also goes by ShinePranked or Shayan.
So how did this happen? According to ZachXBT, Cam Redman sold Twitter panel access to Two1/Youssef and @Bandage. Two1/Youssef and @Bandage then used access to Tweet phishing links from Beeple’s official verified account.
He was able to identify Cam due to previous investigations where he discovered that Cam was selling panel access to scammers. This allows them to take over a person’s Twitter account and carry out fraud.
Notably, ZachXBT also identified Cam as early as February 2020 as a suspicious person. Apparently the SIM card swapped $37 million worth of Bitcoin & Bitcoin Cash from an unlucky person.
Fraudsters use crypto glasses Tornado Cash to hide money
In the hours following the scam, the two attackers, 0xF305F6073CFa24f05FF15CA5b387DD91f871b983 and 0xcad7fc974F61A08ADEF110D1BA446fa5b5B5Bb27 started funneling money into Tornado Cash. They sent over 100 ETH to Tornado, and from there sent it to another account, 0x2Fc55F49783Caf72628eb3fe0380671ed9A57684.
This cryptocurrency tumbler acts as a coin mixer, allowing individuals to break the links between chain transactions and improve transaction privacy. However, it is extremely popular with fraudsters and individuals trying to erase the trail of their actions. Unfortunately for fraudsters, there is always a trail to follow.
ZachXBT identified the 0x2F address as Two1/Youssef because they sent ETH to another account, which Two1 – known on Twitter as @uwu – tweeted pictures of in June.
Although the attackers sent the stolen ETH across different accounts, ZACHXBT managed to track a large amount of the stolen funds.
What happens afterwards?
Unfortunately, not much is possible right now. ZachXBT has reported the accounts involved in the Beeple hack and has logged a chain abuse report. Additionally, the accounts will most likely have a phishing warning attached to them.
If there is enough evidence, people affected by the hack can file a legal claim. For now, ZachXBT have identified the attackers by their aliases. Hopefully this reminds people to use more caution in the NFT space and remember the old saying – If it’s too good to be true, it probably is.
Finally, in response to the investigation, Beeple created a unique piece of art for ZachXBT. Pictured is a towering figure of Zach’s pfp in a dystopian wasteland filled with rats.
Beeple also tweeted, “MAssive thanks to @zachxbt for exposing these scumbags. remember to SET DOWN before shopping in this room. especially when you’re operating with a wallet full of stuff.”
