Pepe meme creator’s NFT projects hit for $1 million as contract hijackers drain collections
The post Pepe meme creator’s NFT projects hit for $1 million as contract hijackers drain collections appeared on BitcoinEthereumNews.com. Projects tied to Pepe meme creator Matt Furie and the NFT studio ChainSaw lost roughly $1 million to contract takeover exploits last week, according to on-chain investigator ZachXBT. On June 27, ZachXBT reported transaction records showing that the attacker seized control of the “Replicandy” contract at 4:25 a.m. UTC on June 18 by transferring ownership to the externally owned address 0x9Fca. Two hours later, the new owner withdrew mint proceeds and, at 5:11 a.m. the next day, reopened the mint, issued fresh NFTs, and dumped them into open bids, pushing the floor price to zero. On June 23, the same address took over three additional ChainSaw contracts: Peplicator, Hedz, and Zogz. The bad actor then repeated the mint-and-dump cycle. ZachXBT estimated the combined theft at more than $310,000 and linked the funds to three collector addresses: 0xf6a9, 0x7e58, and 0x58f4. He traced a 2.05 ETH payment from 0x9Fca to an exchange deposit that converted to 5,007.91 USDT and was then moved to MEXC. He subsequently mapped many smaller monthly deposits from unrelated projects into the same exchange wallet. Two GitHub accounts, “devmad119” and “sujitb2114,” list wallets that intersect the stolen fund trail. Both accounts share indicators that ZachXBT associated with North Korean IT workers, including Korean language system settings, Astral VPN sessions, and Asia-Russia time zones, despite résumés that claim US residency. Favrr exploit follows the same payroll path A second incident surfaced on June 25, when the freelance services token project Favrr lost more than $680,000 following its listing on a DEX. On-chain analysis linked the exploit to the consolidation wallet 0x477, which received recurring payments from Favrr payroll addresses 0x1708 and 0x6412. Gate.io deposit address 0xab7 received part of the stolen Favrr tokens, and was previously funded by the suspected developer behind “sujitb2114”. Favrr announced that it would…
The post Pepe meme creator’s NFT projects hit for $1 million as contract hijackers drain collections appeared on BitcoinEthereumNews.com.
Projects tied to Pepe meme creator Matt Furie and the NFT studio ChainSaw lost roughly $1 million to contract takeover exploits last week, according to on-chain investigator ZachXBT. On June 27, ZachXBT reported transaction records showing that the attacker seized control of the “Replicandy” contract at 4:25 a.m. UTC on June 18 by transferring ownership to the externally owned address 0x9Fca. Two hours later, the new owner withdrew mint proceeds and, at 5:11 a.m. the next day, reopened the mint, issued fresh NFTs, and dumped them into open bids, pushing the floor price to zero. On June 23, the same address took over three additional ChainSaw contracts: Peplicator, Hedz, and Zogz. The bad actor then repeated the mint-and-dump cycle. ZachXBT estimated the combined theft at more than $310,000 and linked the funds to three collector addresses: 0xf6a9, 0x7e58, and 0x58f4. He traced a 2.05 ETH payment from 0x9Fca to an exchange deposit that converted to 5,007.91 USDT and was then moved to MEXC. He subsequently mapped many smaller monthly deposits from unrelated projects into the same exchange wallet. Two GitHub accounts, “devmad119” and “sujitb2114,” list wallets that intersect the stolen fund trail. Both accounts share indicators that ZachXBT associated with North Korean IT workers, including Korean language system settings, Astral VPN sessions, and Asia-Russia time zones, despite résumés that claim US residency. Favrr exploit follows the same payroll path A second incident surfaced on June 25, when the freelance services token project Favrr lost more than $680,000 following its listing on a DEX. On-chain analysis linked the exploit to the consolidation wallet 0x477, which received recurring payments from Favrr payroll addresses 0x1708 and 0x6412. Gate.io deposit address 0xab7 received part of the stolen Favrr tokens, and was previously funded by the suspected developer behind “sujitb2114”. Favrr announced that it would…
What's Your Reaction?
