The famous blockchain NFT security detective, ZachXBT, has found the scammers responsible for the recent Beeple hack in May. This hack resulted in a phishing scam raising over $450 thousand for the scammers. Significantly, Beeple’s Discord was also under attack yesterday. Apparently, the links for his Discord redirect fans and followers to a copycat server that will drain NFTs and tokens from those who interact with it. The attacks on Beeple are the latest example of high-profile individuals being targeted to scam their followers.
Beeple hackers stole over $450 thousand!
Beeple is one of the most famous NFT artists in the world and has a substantial online following, both in the NFT world and the broader art community.
In May, he tweeted an announcement about an upcoming collaboration with Louis Vuitton, along with a website link. In this tweet, he told his 700 thousand followers that this was a raffle, with a 1 ETH entry fee. Significantly, Beeple also stated that losing entries would be refunded, making it a win-win situation.
However, there was a huge problem. This was not Beeple tweeting. It was an elaborate hack. Scammers had managed to get hold of Beeple’s Twitter account and posted fake news alongside a link, which led to a phishing site. Because of the artist’s popularity and the value of his NFTs, many people rushed to enter and clicked on the link.
Within hours, Beeple recovered his account, but unfortunately, over $450 thousand (225 ETH) was stolen from people in that short period.
ZachXBT investigates massive Beeple hack
ZachXBT is a pillar of the NFT community. He is a self-proclaimed on-chain sleuth who dedicates his free time to finding hackers and scammers on the blockchain. Since NFTs have exploded in popularity, scammers have been trying to exploit any vulnerabilities. People like ZachXBT are at the front line, attempting to stop this from happening.
In the case of the Beeple hack, Zach has identified three people he believes are responsible for the attack. In a tweet this afternoon, he said, “Time for an investigation into the @beeple Twitter hack which resulted in $450k+ stolen, where those funds are now, and tracking down the three people responsible.”
So, who is responsible for the Beeple hack?
ZachXBT has identified Cam Redman, Two1/Youssef, and another person called @bandage on Twitter but also goes by ShinePranked or Shayan.
So how did this happen? According to ZachXBT, Cam Redman sold Twitter panel access to Two1/Youssef and @Bandage. Two1/Youssef and @Bandage then used the access to Tweet phishing links from Beeple’s official verified account.
He could identify Cam due to previous investigations in which he discovered that Cam was selling panel access to scammers. This allows them to take over a person’s Twitter account and perform scams.
Notably, ZachXBT also identified Cam as early as February 2020 as a suspicious person. Apparently, they SIM swapped $37 million worth of Bitcoin & Bitcoin Cash from one unlucky individual.
Scammers use crypto tumbler Tornado Cash to hide funds
In the hours following the scam, the two attackers, 0xF305F6073CFa24f05FF15CA5b387DD91f871b983 and 0xcad7fc974F61A08ADEF110D1BA446fa5b5B5Bb27 began to funnel money into Tornado Cash. They sent over 100 ETH to Tornado, and then sent it from there to another account, 0x2Fc55F49783Caf72628eb3fe0380671ed9A57684.
This cryptocurrency tumbler acts as a coin mixer, allowing individuals to break the links between on-chain transactions and enhance transaction privacy.
However, it is extremely popular with scammers and individuals attempting to delete the trail of their actions. Unfortunately for scammers, there is always a trail to follow.
ZachXBT identified the 0x2F address as Two1/Youssef because they sent the ETH to another account, which Two1 – known on Twitter as @uwu – was tweeting images of back in June.
Although the attackers sent the stolen ETH across various accounts, ZACHXBT has managed to trace a large quantity of the stolen funds.
What happens next?
Unfortunately, not much is possible right now. ZachXBT has reported the accounts involved in the Beeple hack and has logged a report on Chain Abuse. In addition, the accounts will most likely have a phishing warning attached to them.
If there is enough evidence, people affected by the hack can file a legal claim. For now, ZachXBT has identified the attackers by their aliases. Hopefully, this reminds people to use more caution in the NFT space and to remember the old phrase – If it’s too good to be true, it probably is.
Finally, in response to the investigation, Beeple created a unique art piece for ZachXBT. In the image is a towering figure of Zach’s pfp in a dystopian wasteland filled with rats.
Beeple also tweeted, “Massive thanks to @zachxbt for exposing these assholes. please remember to SLOW DOWN before acting in this space. especially when you are operating with a wallet full of stuff.”