The laundering of funds stolen though Beeple's Twitter
Twitter account of the popular artist and NFT creator Mike Winkelmann, known as Beeple, was hacked on May 22, 2022. Hackers posted a link to a phishing site on Twitter with an offering to sell NFTs. As a result of this attack, more than $400 000 were stolen from buyers.
The TokenScope Team made a brief research and traced the ways of funds withdrawal. The hackers acted as follows, firstly they invited users to the website beeple-mint.com, supposedly dedicated to Beeple's collaboration with Louis Vuitton fashion house.
Thus, by substituting with the phishing link, the scammers address 0x7b69c4f2ACF77300025E49DbDbB65B068b2Fda7D was deposited by 36 ETH. The same day funds were sent to another address 0xF305F6073CFa24f05FF15CA5b387DD91D871b983. Then funds were transferred to the address 0xd90e2f925DA726b50C4Ed8D0Fb90Ad053324F31b, located on the Tornado mixer.
With funds raised with first phishing link, the scammers, took the control of the Twitter account and changed their tactics. A tweet stating that Beeple was releasing 200 new NFTs "from my collection behind the scenes" was published with the updated phishing link and the indicated address for payments 0xcad7fc974F61A08ADEF110D1BA446fa5b5Bb27.
The funds in the amount of 41.7 ETH raised at the second address were sent the same day to 0x5b3256965e7C3cF26E11FCAf296DfC8807C01073, located at OpenSea, a popular trading platform for NFT transactions.
Funds in the amount of 100.1 ETH were sent on May 22, 2022 to another address 0xd153f809f302e1a699f14d25912fceff06ab7aea, from which the next day the funds directly and through the address 0x5c259e550dd64dbe578d63032b2ea3717d8b143c were withdrawn to the address 0xd90e2f925DA726b50C4Ed8D0Fb90Ad053324F31b, located on the Tornado mixer, by several transactions.
A Part of the 46.3 ETH funds raised by the phishing link from the sale of NFT Mutant Ape Yacht Club, VeeFriends, Otherdeeds, along with the other funds collected were withdrawn through a chain of addresses to 0xd90e2f925DA726b50C4Ed8D0Fb90Ad053324F31b, also located on the Tornado Mixer.
In total, the scammers managed to earn 224.1 ETH, equals to $448 000 (with the rate 1 ETH = $2 000), during May 22, 2022. The funds were raised by 2 phishing links posted on the Twitter account previously hacked. The funds were partially laundered on the OpenSea marketplace, including the purchase and sale of NFT. Finally, all the funds were withdrawn through the Tornado mixer.
Obviously this case shows us that the practice of the stolen money laundering through the purchase of NFT is gaining momentum, since it is difficult to trace the movement of funds and, therefore, to establish the ownership.
In our next articles, we will take look at how to protect yourself when buying and selling NFTs, as well as easy tips to follow to avoid being victimized.
Successful investments in cryptocurrency projects and don't forget to check addresses for risks, it can help to save your funds! You can also report us any cases related to specific cryptocurrency addresses and the considered risks at TokenScope via "Reporting a cryptocurrency address" form. This will help to protect other users from the risks of interacting with such addresses and their owners.