Ordinal Rugs project founder falls victim to phishing, losing 1.47 BTC ($102,500) and 4 BTC ($278,000) in Bitcoin “rugs”.
The head of the platform, known as Archon, said that in his ten years in the crypto industry this was the first time he had lost a significant sum of money to hacking or fraud (let alone a wallet drain).
Wallet Drained, A Post-Mortem…
Earlier today I fell victim to a wallet drainer on one of my personal hot wallets, losing 1.47 BTC plus around ~4 BTC worth of ordinals ($300k+ USD)
In the ten years I've spent in crypto, this is the first time I've lost a sizable amount…
— Archon ⚡️ (@bitarchon) March 26, 2024
The hack began with a message sent to members of the Bitcoin Rock Discord server advertising a giveaway of the popular Runestone ordinals. The link in the post led to a fake site posing as the NFT marketplace Magic Eden.
When Archon connected his wallet to the site and signed a transaction, the hacker was able to steal his coins and “rugs”. He confessed to being careless, forgetting about the main security rules.
“The wallet affected was intended for minting [Bitcoin-NFT] only, but over time I started to get careless by leaving more ordinals on there as well as funds for purchasing/trading,” he noted.
He discovered that a new way to manipulate pings in the channel had emerged, using a “markdown flow.” He concluded that even large and well-protected servers were at risk of being attacked.
“All in all, this was an extremely painful lesson. Truly nothing worse than the moment you realize your wallet has been drained. It goes without saying but be vigilant when it comes to connecting your wallets on giveaways/mints,” reminded the Ordinal Rugs founder.
Archon concluded by stating that the project’s wallets were not affected. He also thanked some community members for redeeming two stolen “rugs” and returning them to him.
Earlier, analysts at Pocket Universe warned of global crypto phishing on Discord, stating that criminals had learned to embed malicious links directly into messages to disguise them.
Recall that on March 19, unknown hackers compromised the X account of The Open Network blockchain and published a fake post about an airdrop.
In the same month, the X accounts of several influential figures in the crypto industry were compromised to promote the PACKY scam token. The hacker gained access through IFTTT (If This Then That), a service for automated post publishing.