Hackers are targeting Bitcoin hot wallets – here's how they do it

The founder of the Ordinal Rugs project said that hackers targeted members of the Bitcoin Rock Discord server on Tuesday and stole Ordinal inscriptions worth 1.47 BTC (approximately $103,003) and 4 BTC (approximately $208,196) from their wallets.

Ordinal numbers are featured in digital collections. According to a report by Dune Analytics, more than 63 million inscriptions have been minted on the Bitcoin blockchain, and 6,388 BTC, or approximately $450 million, has been paid in fees alone to date. This makes Bitcoin an attractive target for hackers.

“In the 10 years I’ve spent in cryptocurrencies, this is the first time I’ve lost a significant amount of money to hacking or fraud (let alone a wallet leak),” pseudonymous founder Alcon revealed in a tweet thread – Powerful He admitted that he was negligent despite implementing strict security controls.

“I am not one to take operational security lightly,” they wrote. “I authenticate all my personal logins with Yubikey and the majority of my crypto assets/ordinals are secure in hardware + multisig wallets.”

Cyberattacks targeting cryptocurrency wallets are common, and celebrities and prominent communities are frequently targeted. In May 2022, actor Seth Green was the victim of a phishing attack that robbed him of his Bored Ape Yacht Club NFT. Traditionally, thieves have focused on the Ethereum and Solana blockchains, but Ordinal is a hot new feature that is attracting fraudsters and making Bitcoin wallets their targets.

As Archon explained, the hack began with a message sent to members of the Bitcoin Rock Discord promoting a popular Runestones Ordinals giveaway. This account contained a link to a malicious clone of the Magic Eden NFT website. Once Archon connected his wallet to the site and signed the transaction, the thief was able to steal the NFT.

“We don't know if anyone else was affected,” Alcon said. Decryption. “I noticed [the theft] Less than a minute after signing [transaction]”

The hackers used one of the stolen inscriptions, 53,109,400, to pay transaction fees.

“No associated funds/accounts/logins” [Ordinal Rugs] I was affected… This is just my personal wallet and I have only myself to blame here,” Alcon said. “Needless to say, I will not allow something like this to happen again.”

According to blockchain security firm Halborn, a lack of due diligence and FOMO causes collectors to make mistakes they wouldn't normally make.

“By pinging the entire server, he thought the message was from an administrator, so he essentially trusted the URL and clicked on it,” said David Schwed, Halborn's chief operating officer. Masu. Decryption. “So it's really just a piece of social engineering and phishing.”

Phishing is a type of cybercrime that attempts to steal something of value (in this case, an NFT) through a deceptive email, website, or social media.

Schwed emphasized that websites can be easily cloned and said wallet users need to be especially vigilant, including double-checking website URLs.

“There are plugins that will alert you to fake domains,” Schwed told Decrypt. “You can find out when a domain was registered, etc.”

Schwed said another option is to use browser extensions that block newly observed or newly registered domains.

Not wanting to be left behind in the Ordinals craze, a cottage industry of compatible wallets has sprung up online, but they have a history and struggles gleaned from the attacks suffered by older NFT-enabled wallets like MetaMask and Phantom. They lack the wisdom they have gained through the years. The veteran provider has the battle scars to prove its commitment to security, boasting features like his Blockaid and malicious attack alerts that newer wallets may not have.

“Some wallets have security built in, some don’t,” Shved said, referring to MetaMask and BlockAid’s integration last year. “Many of them are focused on smart contracts, which may be why they targeted BTC.”

Edited by Ryan Ozawa.