{"id":34243,"date":"2025-06-29T10:31:37","date_gmt":"2025-06-29T10:31:37","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=34243"},"modified":"2025-06-29T10:31:37","modified_gmt":"2025-06-29T10:31:37","slug":"nft-theft-fake-insiders-posing-as-it-experts-rack-up-1-million-zackxbt","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=34243","title":{"rendered":"NFT Theft: Fake Insiders Posing As IT \u2018Experts\u2019 Rack Up $1 Million\u2013ZackXBT"},"content":{"rendered":"
\n

NFT projects lost roughly $1\u202fmillion in crypto<\/a> over the past week when hackers posed as IT staff and struck at the heart of minting systems. The breach hit fan-token marketplace Favrr and Web3 initiatives Replicandy and ChainSaw, among others.<\/p>\n

According to onchain investigator and cybersecurity analyst ZackXBT, the attackers pushed out mass batches of NFTs, drove floor prices to zero, then cashed in their haul before teams could react.<\/p>\n

NFT: Hackers Slip Into Web3 Teams<\/h2>\n

Based on reports, the group quietly joined development squads under false identities. They gained insider access to minting contracts. Then they minted thousands of tokens and NFTs in moments.<\/p>\n

The sudden flood crushed floor prices and let the thieves grab hot cash in minutes. It all unfolded in under a week, and about $1\u202fmillion vanished from these projects\u2019 treasuries.<\/p>\n

\n

1\/ Multiple projects tied to Pepe creator Matt Furie & ChainSaw as well as another project Favrr were exploited in the past week which resulted in ~$1M stolen<\/p>\n

My analysis links both attacks to the same cluster of DPRK IT workers who were likely accidentally hired as developers. pic.twitter.com\/85JRm5kLQO<\/a><\/p>\n

\u2014 ZachXBT (@zachxbt) June 27, 2025<\/a><\/p>\n<\/blockquote>\n

Mass Minting Drops Prices<\/h2>\n

Favrr suffered one of the biggest hits. The thieves dumped tokens so fast the market couldn\u2019t catch up. Replicandy<\/a> and ChainSaw saw similar moves. At Replicandy, floor values hit zero almost instantly.<\/p>\n

ChainSaw\u2019s stolen crypto still sits inactive in wallets, waiting for launderers to stir it back into exchanges. ZackXBT pointed out that nested services then further obscured the money trail.<\/p>\n

\n

4\/ In total I estimate $310K+ from their projects was stolen and transferred primarily between the three address below.<\/p>\n

0xf6a9349c54d51f7f76bbd2afd755b5dd75e617ee
\n0x7e580f916a8e93871b72a694407fb7d790de96a6
\n0x58f4299465b261e79713e5c78a7629cd656aed36 pic.twitter.com\/8noeV48MUY<\/a><\/p>\n

\u2014 ZachXBT (@zachxbt) June 27, 2025<\/a><\/p>\n<\/blockquote>\n

Funds Trace And Freeze Challenges<\/p>\n

Onchain transfers moved funds through multiple exchanges and wallets. Analysts say tracing mixed outputs can take weeks. Exchanges must review huge logs.<\/p>\n

That slows or even blocks law enforcement from locking down accounts. In the Coinbase data leak back in May 2025, about 69,461 customers had personal info exposed.<\/p>\n

Contractors were bribed to hand over user data, leading to an extortion bid against the exchange.<\/p>\n


\nLessons From Broader Cyber Attacks<\/p>\n

The NFT\/Web3<\/a> insider episode echoes Ruby Sleet\u2019s tactics. In November 2024, that group targeted aerospace and defense firms, then shifted to IT companies via fake hiring drives.<\/p>\n

They used social engineering<\/a> to plant malware and harvest credentials. Today\u2019s blockchain and NFT hacks show that open and irreversible ledgers magnify mistakes. When insiders gain privileges, there\u2019s often no undo button.<\/p>\n

Security experts warn teams to rethink trust models. Zero\u2011trust approaches limit each engineer\u2019s reach. Multi\u2011party approval gates could block sudden minting spikes.<\/p>\n

Real\u2011time activity monitors can flag odd behavior right away. And code reviews paired with identity checks for every new hire help close gaps before they\u2019re abused.<\/p>\n

Featured image from Vecteezy, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

NFT projects lost roughly $1\u202fmillion in crypto over the past week when hackers posed as IT staff and struck at the heart of minting systems. The breach hit fan-token marketplace Favrr and Web3 initiatives Replicandy and ChainSaw, among others. According to onchain investigator and cybersecurity analyst ZackXBT, the attackers pushed out mass batches of NFTs, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-34243","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/34243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=34243"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/34243\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=34243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=34243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=34243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}