NFT project Monkey Kingdom loses $1.3M in phishing attack

Phishing attack are becoming increasingly common. This time it was Hong Kong-based NFT project Monkey Kingdom that was at the receiving end of it. According to reports, the platform was hacked that resulted in a loss of over $1 million worth of cryptocurrencies.

Solana-blockchain based non fungible token (NFT) project, Monkey Kingdom, promoted by notable celebrities such as JJ Lin and American DJ Steve Aoki, reported a loss of over $1.2 million through a security breach on the popular online instant messaging service, Discord. The main culprit – A phishing link

Attack on Baepe

According to the announcement, the first hack was made through a breach in Grape, a popular solution for verifying users on Solana. The hacker then targeted the administrator account of the NFT project’s chat group on Discord posting a phishing link which looked exactly like the original website. Users who followed the fraudulent link and connected their wallets expecting to receive an NFT, instead were drained of their SOL tokens by the scammer. 

The attack which drained buyers off 7,000 Solana (SOL), happened just before a scheduled party with Steve Aoki to celebrate a new minting collection, “Baepe”. The Baepes is a collection of 2,221 female Wukongs . The amount from the sale of the NFTs were supposed to go to selected charity.

Sun Wukong- Legendary Mythical Creature

Monkey Kingdom, is one of the most successful NFT projects to have originated in Asia consists of a collection of of 2,222 randomly generated 32×32 pixels of Sun Wukong, otherwise known as “The Monkey King” in Chinese folklore. The project aims to compete with prominent NFT projects such as CryptoPunks and Bored Ape Yacht Club. The project had earlier stated,

“We believe in the Monkey Kingdom mission, and will make it a point to champion the Asian voice in the Web 3.0 ecosystem – shining a light on our rich cultures, and sharing it with the world,”

Monkey Kingdom further announced on Twitter that the users who have been scammed will be compensated. All of the minted tokens, “Baepe” will be cancelled and a new line-up will be launched. The old collection neither will be verified nor tradeable in any marketplaces. 

Social-engineering attack

Phishing attacks have become rampant over the recent years. Phishing is a type of cybersecurity attack where the perpetrators send messages pretending to be a trusted person or entity to trick the victims into revealing sensitive information. Recently, Animoca Brands was exploited in a similar attack targeting users on Discord with fake NFT drops resulting in a loss of over $1.1 million. This comes at a time when sales volume of NFTs have surged to almost $10.7 billion in the third quarter of 2021.