The founder of the Ordinal Rugs project fell for phishing, as a result of which the attackers withdrew 1.47 BTC (~$102,500) and Bitcoin “inscriptions” worth 4 BTC (~$278,000) from his hot wallet.
Wallet Drained, A Port-Mortem...
Earlier today I fell victim to a wallet drainer on one of my personal hot wallets, losing 1.47 BTC plus around ~4 BTC worth of ordinals ($300k+ USD)
In the ten years I've spent in crypto, this is the first time I've lost a sizable amount... pic.twitter.com/nhsBDmrWWV
“In my ten years in the crypto industry, this is the first time that I have lost a significant amount of money due to hacking/fraud (not to mention a wallet drain),” said the head of the platform under the pseudonym Archon.
The hack began with a message sent to members of the Bitcoin Rock Discord server advertising a giveaway for the popular Runestones ordinals. The link in the post led to the fake website of the Magic Eden NFT marketplace.
When Archon connected his wallet to the site and signed the transaction, the hacker was able to steal his coins and “inscriptions.” He admitted that he was inattentive, forgetting about the main safety rules.
“The affected wallet was intended only for issuing [Bitcoin NFTs], but over time I began to become careless and left more serial numbers, as well as funds for purchases and exchanges there,” he noted.
According to him, during the phishing campaign, the attackers tagged all participants using the @all command, but only server administrators had the rights to do this.
Archon discovered that there was a new way to manipulate channel pings using something called a “markdown flow.” He concluded that even large and well-protected servers are at risk of being attacked.
“This is an extremely painful lesson. There's really nothing worse than the moment you realize your wallet is empty. Be vigilant when it comes to joining distributions or mints of tokens,” reminded the founder of Ordinal Rugs.
At the end, Archon noted that the wallets of the project itself were not affected. He also thanked some community members for ransoming the two stolen “inscriptions,” which were later returned to him.
Earlier, Pocket Universe analysts warned about global crypto-phishing on Discord. They said that criminals have learned to embed malicious links directly into messages to disguise themselves.
Recall that on March 19, unknown people hacked The Open Network blockchain account in X and posted a fake post about an airdrop.
In the same month, the X-accounts of several crypto industry influencers were compromised to promote the PACKY scam token. The hacker gained access through the automatic posting service IFTTT (If This then That).