The non-fungible token (NFT) craze on the Solana network has witnessed its first major setback. Users have reportedly lost over $500,000 to a phishing website that included a malicious code that moved all of a user’s funds to the hacker’s address.
Aurory, a gaming project built on Solana, announced the impending release of its NFTs today, August 31. Following their initial release, users are usually required to connect their wallets to the NFT contract to mint the tokens. On this occasion, however, some users landed on a phishing website with a similar address, that is app.aurory vs aurory(dot)app.
Those who connected their wallets and signed the malicious contract on the phishing website ended up losing their SOL holdings as it was quickly transferred to the hacker’s address.
At this time, the amount lost to the incident is unknown, but it could be over $500,000, according to Twitter user @hoaktrades who first spotted the spooky website. Aurory Project reported that its website had over 55,000 users at the time of the sale.
The address used for the phishing still holds over $75,000 in SOL token and other balances, while the attacker is already converting the funds to Wrapped Ether (WETH) and moving them from Solana to Ethereum.
STOP GOING TO AURORY(DOT)APP
ALREADY OVER HALF A MILLION HAS BEEN SWEEPED FROM WALLETS
— hoak.sol (@hoaktrades) August 31, 2021
FTX CEO, Sam Bankman-Fried responded to a request asking the exchange to blacklist the associated address and possibly freeze funds, although no success has been reported so far.
How to Avoid Similar Incidents While Minting NFTs
Crypto users can avoid similar occurrences or minimize them in the future by using only new addresses when participating in NFT mint. This is in addition to making sure that they’re on the right URL specified by the project and also not enabling auto-approve transactions on any NFT minting website.
Solana wallet developer Phantom said in a reply that it would remove the auto-approve feature from connection requests in a bid to prevent such incidents in the future.
We will be removing it completely.
— Phantom (@phantom) August 31, 2021
Affiliate: Get a Ledger Nano X for $119 So That Hackers Won't Steal Your Crypto!