Security is a constant concern, no matter what platform you use. And despite the implementation of important measures, the Sandbox has been a victim of hacking.
Rent your monkey nft for 40 eth! The good deal!
The 2FA, this measure which implies to have to pass by a third application to authenticate itself, is an obligation today to secure an account. But unfortunately, even this measure is circumventable, the Sandbox team has had the proof.
Generally speaking, Discord is targeted for phishing attacks. But, this time, it is on Instagram that the hacker managed to bypass the security.
He took the opportunity to promote an event (fake of course) to win a “land” on Sandbox. According to Sebastien Borget, co-founder of Sandbox, the smart guy did not stop there. He would have contacted several followers of the account who have a profile picture with one of the famous monkeys of the Bored Ape Yacht Club. He would have offered them to rent their NFT for an amount of 40 ethers (about $68,000). The owners, in exchange for this amount, allowed him to use their NFT for 24 hours.
Effective security measures. Under normal circumstances
According to its creator, the Sandbox managed to regain control of its Instagram account very quickly, thanks to the social networking platform’s security team. They were able to fix the link in profile, which the hacker had changed, and remove the fake “lottery” posts.
The Sandbox team is reportedly working with Instagram’s team to understand how the hacker was able to bypass the means of protection, and thus the 2FA, so that a potential security breach can be fixed.
It is currently unknown if the phishing has caused many victims, in any case one of the Instagram users announced that he clicked on the link, and lost NFT.
Whatever account you follow, famous or not, always be very, very careful with the links you are given. Even more so when they come in PM (like with the monkey NFT rental), or when the account offering you a contest isn’t doing it in the usual way. It’s better to miss a real opportunity, than to have your wallet punctured!