NFT

Sandbox Followers Fall Victim To Hacked Instagram

With several individuals losing NFTs and others being phished for their Bored Apes.

On Thursday, September 8, The Sandbox saw its Instagram hacked and a phishing link posted to its page disguised as an “Alpha Season 4 Holder Raffle.” Those who entered the site to participate in the perceived raffle were then prompted to sign a transaction with their Web3 wallet that would ultimately grant the hacker access to all their assets.

While the exploit was removed and the account recovered within a few hours, several followers still fell victim to the hacker. Stolen tokens included VeeFriends Series 2, The Lobstars, as well as Steve Aoki and Snoop Dogg Sandbox NFTs, among others, according to data found on Etherscan.

Taking things a step further, the hacker also attempted to steal Bored Ape Yacht Club (BAYC) NFTs, reaching out to followers of The Sandbox who had the tokens as their profile pictures — offering them 40 Ethereum to rent for 24 hours. This particular part of the exploit appears to be unsuccessful as no BAYC thefts have been reported.

Unfortunately, the brand still does not know how they were compromised and said that all necessary security measures were in place, including two-factor authentication.

In a recent conversation on security practices with Cointelegraph, Polygon’s Chief Security Officer Mudit Gupta shared how most of the largest hacks in the crypto space have been due to Web2 failures in security and not blockchain technology itself. One of the main points of failure is human vulnerability to phishing schemes and the lack of protection of sensitive information.

“I’ve been pushing at least all of the major companies to get a dedicated security person who actually knows that key management is important,” said Gupta, adding that “you have API keys that are used for decades and decades. So there are proper best practices and procedures one should be following to keep these keys secure. There should be proper audit trail logging and proper risk management around these things. But as we’ve seen these crypto companies just ignored all of it.”

However, despite the recent exploit, both The Sandbox and its parent company Animoca Brands are pushing full steam into Web3. The Hong Kong-based software and venture capital company has its sights on the metaverse and, on the same day as the exploit, announced the closing of a $110 million USD funding round.


Because Web3 and related products are an emerging space, there is clearly still much to be done on security, and exploiters are shifting towards social engineering, targeting and manipulating individuals rather than entire protocols.

Good practice includes double- and triple-checking offers that seem too good to be true and carefully reviewing every transaction before signing it. Most importantly, users should keep their valuable assets in a cold storage wallet such as a Ledger and use a dedicated hot wallet with minimal funds when interacting with the blockchain.
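What "reviewing a transaction before signing" can look like in practice, as an added example that is not part of the original article: the article does not say which call the phishing site requested, so this sketch assumes the common case of a token approval and decodes a transaction's `data` field to flag it. The function names, trusted list and sample addresses are constructed for illustration.

```python
# Selectors: first 4 bytes of keccak256 over the standard function signature.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/1155
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-20/721
MAX_UINT256 = 2**256 - 1


def encode_call(selector, address, value):
    """Build calldata for the constructed samples below (two 32-byte words)."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(value, "064x")


def review_calldata(data_hex, trusted=()):
    """Return warnings a user should read before signing this transaction."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (SET_APPROVAL_FOR_ALL, APPROVE):
        return []  # not an approval call; other checks are out of scope here
    if len(args) < 128:
        return ["approval call with truncated arguments: do not sign"]
    operator = "0x" + args[24:64]  # address is right-aligned in its 32-byte word
    value = int(args[64:128], 16)
    warnings = []
    if selector == SET_APPROVAL_FOR_ALL:
        if value == 0:
            return []  # approved=false revokes access
        warnings.append(f"{operator} may transfer EVERY token you hold in this collection")
    elif value == MAX_UINT256:
        warnings.append(f"{operator} gets an unlimited ERC-20 allowance")
    else:
        # approve() is shared by ERC-20 (amount) and ERC-721 (token id)
        warnings.append(f"{operator} may move amount/token id {value}")
    if operator not in {t.lower() for t in trusted}:
        warnings.append("operator is not on your trusted list")
    return warnings


# Constructed sample addresses, not taken from the incident.
OPERATOR = "0x" + "ab" * 20
MARKETPLACE = "0x" + "cd" * 20

if __name__ == "__main__":
    for call in (encode_call(SET_APPROVAL_FOR_ALL, OPERATOR, 1),
                 encode_call(APPROVE, MARKETPLACE, MAX_UINT256)):
        print(review_calldata(call, trusted=[MARKETPLACE]))
```

A blanket approval to an address the user does not recognise is the signal to stop; the same selectors are what a wallet's signing prompt or a block explorer's decoded input would show.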

Elsewhere in Web3, see how MetaMask is trying to mitigate NFT scams with a new transaction signing update.
