In a flagrant display of cybersecurity breaches, the Gutter Cat Gang NFT project recently fell victim to a SIM swap attack, resulting in the theft of more than $765,000 worth of nonfungible tokens (NFTs). The magnitude of the theft underscores the growing threats faced by participants in the NFT and wider crypto industry.
Ingenious Deception
The security breach was detected on the evening of July 7, around 8:00 pm UTC, by vigilant members of the NFT community. Reacting to the situation, Gutter Cat Gang co-founder Gutter Mitch issued a swift alert, stating, "Our Twitter has been compromised please do not interact with any links." Additionally, co-founder Gutter Ric's account was found compromised. The perpetrators cunningly manipulated the compromised accounts to disseminate phishing links for limited edition Gutter Cat Gang NFT sneaker airdrops.
Our Twitter has been compromised please do not interact with any links
— Gutter Mitch (@GutterMitch) July 7, 2023
The victims found their hot wallets swiftly drained upon clicking these deceitful links. The links bore a close resemblance to the genuine, being adorned with recent Gutter Cat Gang branding and images from the project’s recent sneaker collaboration with Puma and NBA star LaMelo Ball.
Questionable Security Measures
Esteemed blockchain investigator ZachXBT pinpointed the method of attack as a SIM swap and cast doubts over the team's cybersecurity measures. He critiqued the use of SMS 2FA on social accounts, especially given the recent spate of SIM swap incidents, stating, "Your team better look at a compensation plan for victims as it is gross negligence."
Someone else just lost $700k of assets (couple BAYCs, MAYC, Doodles, BAKCs, etc) pic.twitter.com/noNvkqkw9U
— ZachXBT (@zachxbt) July 7, 2023
He also highlighted the significant losses incurred by victims, with one losing a Bored Ape Yacht Club NFT valued at $65,913 and another victim suffering a loss of an astounding $700,000 worth of NFTs.
Responding to Crisis
Gutter Cat Gang co-founder Gutter Dan addressed the incident, stating, “We are working with Twitter to regain access to the compromised Gutter-affiliated Twitter accounts.” His message conveyed empathy towards the victims and assured them that the team is treating the matter with utmost seriousness and is engaging with law enforcement to investigate the breach.
We are working with Twitter to regain access to the compromised Gutter-affiliated Twitter accounts. We deeply sympathize with all those impacted and want to assure you that we are taking this matter very seriously and are working with law enforcement to investigate the hack and…
— Gutter Dan (@gutterdan_) July 7, 2023
At the time of writing, the hackers might still control access to the accounts. This incident stresses the importance of implementing robust cybersecurity protocols in the ever-expanding NFT landscape.