{"id":34181,"date":"2025-06-28T11:02:02","date_gmt":"2025-06-28T11:02:02","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=34181"},"modified":"2025-06-28T11:02:02","modified_gmt":"2025-06-28T11:02:02","slug":"1-million-drained-from-pepe-nft-projects-in-coordinated-contract-hijack","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=34181","title":{"rendered":"$1 Million Drained From Pepe NFT Projects in Coordinated Contract Hijack"},"content":{"rendered":"<div>\n<p><span data-preserver-spaces=\"true\">A set of NFT collections tied to Matt Furie, the creator of the Pepe meme, and the ChainSaw studio have been <\/span><span data-preserver-spaces=\"true\">hit<\/span><span data-preserver-spaces=\"true\"> by a string of contract hijacks <\/span><span data-preserver-spaces=\"true\">that led to<\/span><span data-preserver-spaces=\"true\"> more than $1 million being stolen.<\/span><span data-preserver-spaces=\"true\"> Attackers took control of mint contracts, drained revenue, and issued new tokens, wiping out value and leaving collectors stunned. Many fans were shocked to see the Pepe creator\u2019s NFT projects targeted by attackers with deep access to mint functions.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">The theft wasn\u2019t a one-time hit. It unfolded in stages, across multiple days and multiple collections, suggesting careful planning and a deep understanding of how the projects were structured. The fact that the attackers gained control from inside the contract level has triggered serious concerns across the NFT community.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">How the Attack Played Out<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">It began in the early hours of June 18 when the Replicandy mint contract, part of ChainSaw\u2019s ecosystem, was taken over. Ownership was quietly transferred to a new address. That gave the attacker full control. They emptied the mint funds and then reopened the contract to create new tokens. <\/span><span data-preserver-spaces=\"true\">These were pushed out rapidly, flooding the market and <\/span><span data-preserver-spaces=\"true\">crashing<\/span><span data-preserver-spaces=\"true\"> prices.<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">1\/  Multiple projects tied to Pepe creator Matt Furie &amp; ChainSaw as well as another project Favrr were exploited in the past week which resulted in ~$1M stolen<\/p>\n<p>My analysis links both attacks to the same cluster of DPRK IT workers who were likely accidentally hired as developers. <a href=\"https:\/\/t.co\/85JRm5kLQO\" target=\"_blank\" rel=\"nofollow\">pic.twitter.com\/85JRm5kLQO<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1938598925004607629?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">June 27, 2025<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><span data-preserver-spaces=\"true\">Just days later, the same playbook was used on three other ChainSaw-connected collections: Peplicator, Hedz, and Zogz. The total value drained was estimated at over $300,000 at that point, but tracking showed it didn\u2019t stop there. The attacker moved the stolen funds through different wallets before cashing out through the MEXC exchange, all while staying several steps ahead of observers.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">On-chain researchers, including <a class=\"general-link\" href=\"https:\/\/x.com\/zachxbt\/status\/1938598925004607629\" target=\"_blank\" rel=\"nofollow noopener nofollow\">ZachXBT<\/a>, tied the activity to wallets that had interacted with earlier contract exploits. <\/span><span data-preserver-spaces=\"true\">Their analysis <\/span><span data-preserver-spaces=\"true\">showed<\/span><span data-preserver-spaces=\"true\"> the process was not <\/span><span data-preserver-spaces=\"true\">just<\/span><span data-preserver-spaces=\"true\"> opportunistic but systematic.<\/span><\/p>\n<p><strong>DISCOVER: <a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/high-risk-high-reward-crypto\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\">9+ Best High-Risk, High-Reward Crypto to Buy in June2025<\/a><\/strong><\/p>\n<h2><span data-preserver-spaces=\"true\">Suspicion Falls on Freelance Code Hires<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">Things took another turn when investigators uncovered GitHub profiles linked to developers who appeared to be based in the U.S. but were using tools and settings associated with North Korea. VPN data and regional preferences raised red flags. <\/span><span data-preserver-spaces=\"true\">The suspicion is that some of the contract access may have <\/span><span data-preserver-spaces=\"true\">come<\/span><span data-preserver-spaces=\"true\"> from developers hired through open platforms, given control over sensitive systems without a <\/span><span data-preserver-spaces=\"true\">full<\/span><span data-preserver-spaces=\"true\"> vetting process.<\/span><\/p>\n<figure id=\"attachment_253941\" aria-describedby=\"caption-attachment-253941\" style=\"width: 894px\" class=\"wp-caption aligncenter\"><img fetchpriority=\"high\" decoding=\"async\" class=\"size-full wp-image-253941\" src=\"https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/North-Korean-Hackers-Involved-in-Hack-of-Pepe-Creators-NFT-Project-Maybe.jpg\" alt=\"Pepe Creator\u2019s NFT Projects Hit by Major Contract Hack\" width=\"894\" height=\"847\" srcset=\"https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/North-Korean-Hackers-Involved-in-Hack-of-Pepe-Creators-NFT-Project-Maybe.jpg 894w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/North-Korean-Hackers-Involved-in-Hack-of-Pepe-Creators-NFT-Project-Maybe-300x284.jpg 300w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/North-Korean-Hackers-Involved-in-Hack-of-Pepe-Creators-NFT-Project-Maybe-768x728.jpg 768w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/North-Korean-Hackers-Involved-in-Hack-of-Pepe-Creators-NFT-Project-Maybe-50x47.jpg 50w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/North-Korean-Hackers-Involved-in-Hack-of-Pepe-Creators-NFT-Project-Maybe-211x200.jpg 211w, https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/North-Korean-Hackers-Involved-in-Hack-of-Pepe-Creators-NFT-Project-Maybe-317x300.jpg 317w\" sizes=\"(max-width: 894px) 100vw, 894px\"><figcaption id=\"caption-attachment-253941\" class=\"wp-caption-text\">Source: ZachXBT on X.com<\/figcaption><\/figure>\n<p><span data-preserver-spaces=\"true\">In a separate but similar incident, a newer NFT project called Favrr lost $680,000 under almost identical conditions. Their CTO vanished, and funds from the attack followed the same laundering pattern. This has fueled concern because people believe multiple projects may have been compromised through the same outsourcing channels.<\/span><\/p>\n<p><strong>DISCOVER: <a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/next-1000x-crypto\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\">Next 1000X Crypto: 10+ Crypto Tokens That Can Hit 1000x in 2025<\/a><\/strong><\/p>\n<h2><span data-preserver-spaces=\"true\">Aftermath and Silence<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">The Favrr team announced they would refund users and conduct a full review of their contract architecture. ChainSaw and Matt Furie have taken a different approach. They shut down p<\/span><span data-preserver-spaces=\"true\">ublic chat channels, removed contact forms, and left collectors <\/span><span data-preserver-spaces=\"true\">guessing what, if anything, <\/span><span data-preserver-spaces=\"true\">will<\/span><span data-preserver-spaces=\"true\"> be done.<\/span><\/p>\n<div class=\"cpp-crypto-chart cpp-crypto-chart-99btc cpp-crypto-chart-eth\" data-coin-symbol=\"eth\" data-price-usd=\"ETH Price (USD)\" data-main-color=\"#4caf05\" data-watermark-image=\"https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/99bitcoins-logo.png\" data-chart-style=\"99btc\">\n<div class=\"cpp-chart-top-section\">\n<div class=\"cpp-chart-info-section\">\n<div class=\"cpp-chart-logo\"><img decoding=\"async\" src=\"https:\/\/cimg.co\/coinlogo\/4\/5b7fc72f06f17.svg\" alt=\"eth logo\"><\/div>\n<div class=\"cpp-chart-coin-details\">\n<div class=\"cpp-chart-labels-row\">\n<div class=\"cpp-chart-coin-name\">Ethereum<\/div>\n<div class=\"cpp-chart-price-info\">Price<\/div>\n<div class=\"cpp-chart-market-cap\">Market Cap<\/div>\n<\/div>\n<div class=\"cpp-chart-values-row\">\n<div class=\"cpp-chart-coin-symbol\">ETH<\/div>\n<div class=\"cpp-chart-price\"><\/div>\n<div class=\"cpp-chart-market-cap-value\">$292.88B<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"cpp-chart-selectors cpp-chart-selectors-99btc\"><span class=\"cpp-chart-selector\" data-period=\"24h\">24h<\/span><span class=\"cpp-chart-selector\" data-period=\"7d\">7d<\/span><span class=\"cpp-chart-selector\" data-period=\"30d\">30d<\/span><span class=\"cpp-chart-selector\" data-period=\"1y\">1y<\/span><span class=\"cpp-chart-selector\" data-period=\"all_time\">All time<\/span><\/div>\n<\/div>\n<p><canvas id=\"cpp-chart-685fca5344a07\" class=\"cpp-chart-container cpp-chart-container-99btc\"><\/canvas><\/div>\n<p><span data-preserver-spaces=\"true\">The floor prices of affected collections have collapsed. While some owners are hoping for a recovery plan, others have started writing off the tokens as a total loss.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">What It Says About NFT Security<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">This incident highlights a bigger problem in the NFT space. <\/span><span data-preserver-spaces=\"true\">Too many projects <\/span><span data-preserver-spaces=\"true\">depend<\/span><span data-preserver-spaces=\"true\"> on external developers without <\/span><span data-preserver-spaces=\"true\">the right<\/span><span data-preserver-spaces=\"true\"> security checks.<\/span><span data-preserver-spaces=\"true\"> Mint contracts are powerful tools. Once someone gets access, they can change the rules, unlock funds, and create or destroy value in minutes.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Now, collectors are asking more questions before jumping into new drops. Who controls the contracts? How is code reviewed? <\/span><span data-preserver-spaces=\"true\">What <\/span><span data-preserver-spaces=\"true\">kind<\/span><span data-preserver-spaces=\"true\"> of security <\/span><span data-preserver-spaces=\"true\">is<\/span><span data-preserver-spaces=\"true\"> in place?<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Without clear answers, this may not be the last time an entire community watches its assets vanish overnight.<\/span><\/p>\n<p><strong><span data-preserver-spaces=\"true\">DISCOVER:\u00a0<\/span><a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/next-crypto-to-explode\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\"><span data-preserver-spaces=\"true\">20+ Next Crypto to Explode in 2025\u00a0<\/span><\/a><\/strong><\/p>\n<p><strong><a class=\"general-link\" href=\"https:\/\/discord.gg\/B7Uk6agkqj\" target=\"_blank\" rel=\"nofollow noopener nofollow\"><span data-preserver-spaces=\"true\">Join The 99Bitcoins News Discord Here For The Latest Market Updates<\/span><\/a><\/strong><\/p>\n<p><span data-preserver-spaces=\"true\">    <\/p>\n<div class=\"nnbtc-key-takeaways\">\n<h2 class=\"nnbtc-key-takeaways__title\">Key Takeaways<\/h2>\n<p><span data-preserver-spaces=\"true\">    <\/p>\n<ul class=\"nnbtc-key-takeaways__list\">\n        <\/ul>\n<p><\/span><\/p>\n<p><span data-preserver-spaces=\"true\">    <\/p>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Hackers stole over $1 million from Pepe NFT projects by hijacking smart contracts tied to ChainSaw studio and Matt Furie.    <\/li>\n<p>    <\/span><\/p>\n<p><span data-preserver-spaces=\"true\">    <\/p>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        The attacks targeted multiple collections, draining funds and minting new tokens to crash floor prices across projects like Peplicator and Hedz.    <\/li>\n<p>    <\/span><\/p>\n<p><span data-preserver-spaces=\"true\">    <\/p>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Evidence suggests the breach came through freelance developers, with suspicious ties to North Korea and poor internal security practices.    <\/li>\n<p>    <\/span><\/p>\n<p><span data-preserver-spaces=\"true\">    <\/p>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        A related exploit hit the Favrr NFT project for $680,000, following the same laundering path, raising fears of a broader vulnerability.    <\/li>\n<p>    <\/span><\/p>\n<p><span data-preserver-spaces=\"true\">    <\/p>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        This highlights a growing risk in the NFT space, where project teams give unvetted contractors access to mint-level permissions without sufficient safeguards.    <\/li>\n<p>    <\/span><\/p>\n<p><span data-preserver-spaces=\"true\"><br \/>\n    <\/span><\/p>\n<p><span data-preserver-spaces=\"true\">    <\/span><\/p>\n<\/div>\n<p>    <\/span><\/p>\n<p>The post <a href=\"https:\/\/99bitcoins.com\/news\/scams-theft\/pepe-creators-nft-projects-hit-by-1-million-hack\/\">$1 Million Drained From Pepe NFT Projects in Coordinated Contract Hijack<\/a> appeared first on <a href=\"https:\/\/99bitcoins.com\/\">99Bitcoins<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A set of NFT collections tied to Matt Furie, the creator of the Pepe meme, and the ChainSaw studio have been hit by a string of contract hijacks that led to more than $1 million being stolen. Attackers took control of mint contracts, drained revenue, and issued new tokens, wiping out value and leaving collectors [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-34181","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/34181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=34181"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/34181\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=34181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=34181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=34181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}