New York-based gallery that collects unique tokens Ross+Kramer has reported via Twitter that it has fallen victim to a phishing scam in which hackers have stolen 16 non-fungible tokens from three different collections: 8 NFTs from the Bored Ape Yacht Club, 7 NFTs from the Mutant Ape Yacht Club and 1 NFT CloneX.
According to the gallery, the hackers have stolen a total of $2.2 million in NFTs.
The user basically clicked on a link leading to a “phishing contract” disguised as a genuine NFT application, allowing this way the contract to spend tokens on its behalf. The attacker has already managed to sell several appropriated tokens on popular marketplace OpenSea. For example, NFT CloneX was sold for 17 ETH.
The rest of the tokens were frozen by the platform at the request of Kramer. The gallery has stated that it has learned an important lesson and has advised other collectors to use hardware wallets to protect their tokens from any possible hacks.
Last week, the buyers of NFTs of Monkey Kingdom lost 7,000 SOL tokens valued at $1.3 million as a result of another phishing attack. According to PhishLabs, the total volume of phishing attacks across all industries grew 22% in the first half of 2021.