Defiance Capital founder’s wallet theft case solved, another social engineering attack

On March 22, 2022, Twitter user StockEd NFT’s tweeted that Defiance Capital founder Arthur Cheong’s wallet was suspected of being stolen, and Arthur reposted it to confirm the theft.

Arthur’s stolen assets

The address on the chain shows that the hacker’s address is 0xe47E8cD58c8E95F765e642d7dCB898f622ceFA83, which has been marked as Arthur0x Wallet Hacker by ethscan.

According to Cointelegraph, 78 NFTs were stolen from Arthur’s wallet, mainly Azukis, CloneX and Second Self series NFTs; in addition, 68 WETH, 4349 stkDYDX and 1578 LOOKS tokens were stolen.


Hackers then started selling the stolen NFTs on Opensea.

In addition, Golden Finance noticed that Arthur Cheong, the founder of Defiance Capital, was suspected of being a Chinese. After the theft, he tweeted in a hurry, “The house leaked in the night rain, and the ship was delayed and hit the wind .”

how was it stolen

Arthur later said that the possible root cause of the exploit was identified, which was a targeted social engineering attack. Hackers shared a virus-containing PDF document with a mailbox that looked like Defiance Capital’s portfolio company, and it was the kind of scary document.

Arthur said he received a spear-phishing email that does appear to be sent by one of our portfolio companies (guildfi) with industry-related content.LsuxL1lLrEcVCL5yCfwpMN08eOTLU7thFLAa9mG5.jpeg

Arthur wrote that being careless about this as it came from 2 seemingly legitimate sources. After opening the file, the PDF document opened despite seeing the warning below, and then it was stolen.


Can stolen assets be recovered?

The conclusion is that it may be difficult to recover.

Some NFTs require Arthur to buy them back. Twitter user “Cirrus” purchased two stolen Azuki NFTs and shouted that Arthur decided to return them to Arthur at cost.


Some NFTs have changed hands many times. Taking Azuki #1587 as an example, it has already changed hands twice from E47E8C to EBanzir to CA41A5. The transaction from EBanzir to CA41A5 is still completed through the gem.xyzNFT transaction aggregator .


As of press time, there are 585 ETH, 4,349 stkDYDX, 1,578 LOOKS tokens, and 2,821 LDO in the hacker’s wallet, with a total value of about $1.777 million.


Among them, 2821 LDOs were transferred to Arthur’s address 3 hours after the theft. I don’t know if it was hacking or someone else didn’t know that Arthur was stolen and transferred by mistake?

Hackers have obtained more than 500 ETH by selling NFT, and ETH is well mixed through Tornado.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-03-22 09:55
Next 2022-03-22 09:57

Related articles