The founder of the Ordinal Rugs project was caught by phishing, as a result of which the attackers withdrew 1.47 BTC (~$102,500) and 4 BTC worth of bitcoin"inscriptions" (~$278,000) from his hot wallet.
"In my ten years in the crypto industry, this is the first time I have lost a significant amount of money due to hacking/fraud (not to mention draining my wallet)," said the head of the platform under the pseudonym Archon.
The hack began with a message sent to members of the Bitcoin Rock Discord server advertising the draw for popular Runestones ordinals. The link in the post led to a fake site of the Magic Eden NFT marketplace.
When Archon connected his wallet to the site and signed the transaction, the hacker was able to steal his coins and "inscriptions". He admitted that he was inattentive, forgetting about the main safety rules.
"The affected wallet was intended only for issuing [bitcoin-NFT], but over time, I began to be careless and left more sequence numbers there, as well as funds for buying and exchanging," he noted.
According to him, during the phishing mailing, the attackers tagged all participants through the @All command, but only the server administrators had the rights to do this.
Archon discovered that there is a new way to manipulate channel pings, using the so-called "markdown flow". He concluded that even large and well-protected servers are at risk of being attacked.
"This is an extremely painful lesson. In fact, there is nothing worse than the moment when you realize that your wallet is empty. Be vigilant when it comes to connecting to giveaways or minting tokens," the founder of Ordinal Rugs reminded.
In the end, Archon noted that the wallets of the project itself were not affected. He also thanked some members of the community for redeeming two stolen "inscriptions", which were later returned to him.
Earlier, Pocket Universe analysts warned about global crypto phishing on Discord. They said that criminals have learned how to embed malicious links directly in messages to disguise themselves.
"In my ten years in the crypto industry, this is the first time I have lost a significant amount of money due to hacking/fraud (not to mention draining my wallet)," said the head of the platform under the pseudonym Archon.
The hack began with a message sent to members of the Bitcoin Rock Discord server advertising the draw for popular Runestones ordinals. The link in the post led to a fake site of the Magic Eden NFT marketplace.
When Archon connected his wallet to the site and signed the transaction, the hacker was able to steal his coins and "inscriptions". He admitted that he was inattentive, forgetting about the main safety rules.
"The affected wallet was intended only for issuing [bitcoin-NFT], but over time, I began to be careless and left more sequence numbers there, as well as funds for buying and exchanging," he noted.
According to him, during the phishing mailing, the attackers tagged all participants through the @All command, but only the server administrators had the rights to do this.
Archon discovered that there is a new way to manipulate channel pings, using the so-called "markdown flow". He concluded that even large and well-protected servers are at risk of being attacked.
"This is an extremely painful lesson. In fact, there is nothing worse than the moment when you realize that your wallet is empty. Be vigilant when it comes to connecting to giveaways or minting tokens," the founder of Ordinal Rugs reminded.
In the end, Archon noted that the wallets of the project itself were not affected. He also thanked some members of the community for redeeming two stolen "inscriptions", which were later returned to him.
Earlier, Pocket Universe analysts warned about global crypto phishing on Discord. They said that criminals have learned how to embed malicious links directly in messages to disguise themselves.
