Hacker Admits to Stealing 88 ETH in NFT Scam, Then Returns It
The hacker publicly admitted to executing an NFT scam in a live Twitter discussion with the Creature Toadz community.
- A hacker tricked Creature Toadz NFT community members on Discord into sending 88 ETH via a fake mint.
- The hacker purportedly has been identified and has since publicly claimed responsibility for the attack.
- Since the incident, the hacker returned the funds to the Creature Toadz team, who are planning to refund them to users.
Share this article
A hacker has returned over $340,000 in ETH to the Creature Toadz NFT project after posting a fake mint link in Discord. Despite the return of the funds, some members of the community are still insisting that the hacker be held to further account.
Hacker Claims Responsibility on Twitter
The upcoming Creature Toadz NFT project ran into a major roadblock this morning when an anonymous figure hacked their Discord server and tricked members into sending them over 88 ETH, worth more than $340,000 at the time.
Posing as a moderator, the hacker shared a web link portending to be for community members to mint Creature Toadz in what was labeled as a “stealth mint.” Before it was revealed that the weblink was a scam, the community members had altogether sent roughly 88 ETH to the hacker’s address. The team said their Discord was compromised for about 45 minutes.
Surprisingly, however, the funds were later returned by the same hacker who stole them. Many believe the hacker did not have bad intentions and compared it to past attacks, such as those on Poly Network and Cream Finance, after which the funds were returned.
In an insane turn of events, the hacker has returned all the money he stole!!! This is one of the craziest nights of my life. All the affected will be refunded fully in ETH. pic.twitter.com/zNa1K6COuv
— CreatureToadz NFT (🪰,🪰) (@CreatureToadz) October 20, 2021
In reality, on-chain analysis had already revealed the hacker’s identity.
OKHotshot, an anonymous NFT analyst, tracked down the identity behind the ETH address that received funds from the fake NFT minting contract used by the hacker.
Speaking with Crypto Briefing, OKHotshot said that by analyzing the paper trail left by the hacker’s Ethereum transactions, he connected the hacker’s identity to a Twitter user called HEERR.
During a post-hack Twitter spaces discussion hosted by NFT investor and writer Andrew Wang with the Creature Toadz community, HEERR publicly claimed responsibility for the Discord hack.
OKHotshot, who was a speaker in the same Spaces discussion, spotted that the purported hacker was present as a listener. Then, OKHotShot called out the hacker directly and publicly requested he return the funds.
.@CreatureToadz after finding out the scammer was (is) in our spaces I called him out directly "do the right thing, give the ETH back". Now it turns out the scammer listened and returned the 88 ETH back to team: pic.twitter.com/3KnHfMBTcz
— OKHotshot (@NFTherder) October 20, 2021
HEERR, whose real name is still unknown, joined in as a speaker and incriminated himself for the Discord hack. Claiming to be a 17-year-old high school male student, the hacker said, “it was a joke,” and that the original plan was to return the funds.
OKHotshot told Crypto Briefing that he did not believe the hacker did this as a joke or a mere stunt. He said that “claiming innocence is the only way out to avoid legal troubles” before adding that he was “going to nail his real-world identity regardless of their admittance.”
Soon after the Twitter Spaces session was over, the hacker returned all the funds to the team’s address. Meanwhile, the Creature Toadz team has decided not to press charges. They are now planning to refund members tricked into sending ETH to the hacker.
The incident raises questions surrounding Discord’s security capabilities. In today’s incident, the exploit originated from a vulnerability that itself originated from Webhooks, a Discord feature used for automated messages. Many in the NFT community, including OKHotshot, have reported that scammers have been using this vulnerability to hijack Discord bots.
The genuine minting phase for Creature Toadz is scheduled to launch tomorrow.