Hot Hong Kong NFT project Monkey Kingdom loses US$1.3 million in hack, exposing security concerns
- A hacker stole an administrator account of the project’s group chat on Discord, a popular online instant messaging service
- Monkey Kingdom fraud is the latest in a series of scams seen in the space in recent months as the popularity around NFT reaches fever pitch
Popular non-fungible token (NFT) project Monkey Kingdom, founded by entrepreneurs in Hong Kong and promoted by celebrities such as JJ Lin and Steve Aoki, had its group chat hacked on Tuesday, allowing a cyber thief to steal nearly US$1.3 million worth of cryptocurrencies with a phishing link.
A hacker stole an administrator account of the project’s group chat on Discord, a popular online instant messaging service, and posted a phishing link in the group chat on Tuesday, just as the project kicked off a new sale in earnest. Buyers lost more than 7,000 Solana, a popular cryptocurrency, to the scam, which amounts to nearly US$1.3 million.
Phishing is a common form of online fraud often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. It is now being used to breach access to users’ cryptocurrency wallets.
This is the latest in a series of scams seen in the NFT space in recent months as the popularity around NFT reaches fever pitch. Sales volume of NFTs surged to US$10.7 billion in the third quarter of 2021, up more than eightfold from the previous quarter, according to data from market tracker DappRadar.
Launched on November 27, Monkey Kingdom, which comprises 2,222 digital portraits of the mythical hero Monkey King dressed in different styles, has quickly become one of the most talked-about NFT projects in Asia, with endorsements from celebrities including Steve Aoki, JJ Lin and Ian Chan of the Hong Kong-based boy band Mirror.
In addressing the hack, the project made a post on Twitter on Tuesday, saying: “At 10:00pm HKT when our presale began, our Announcement channel on Discord was hijacked by a bot named ‘Monkey Kingdom’ while our website was experiencing traffic. A discord webhook got compromised and posted a phishing link to the Announcement channel.”
A Monkey Kingdom buyer, whose Twitter handle was “commenstar”, took to the social media platform to share his loss on Tuesday. “Guys I got drained 650 SOL,” the buyer said, “Never thought it was not a legit mint link in [the] official discord [channel.”
On Wednesday, the project announced on Twitter that it has earmarked 7,056 Solana for a “compensation fund” to help refund buyers who were scammed by the hack.
Monkey Kingdom did not immediately reply to a request for comment by the South China Morning Post on Wednesday.
Hong Kong native Andrew Man, a real estate investment professional by day and an NFT enthusiast by night, said that scams have become common occurrences in the world of NFT as its popularity surges.
He said that phishing links are a common ploy by which thieves can steal from cryptocurrency holders. Some phishing links ask users to share the so-called “seed phrases” to their virtual wallets, which can compromise their wallets.
Founded by a team of eight pseudonymous crypto enthusiasts, Monkey Kingdom represents a new breed of NFT start-ups in Hong Kong.