Newspaper Twitter account hacked to advertise Goblintown phishing rip-off

A Twitter hacker has compromised the account of EL Common, a Latin American newspaper, to advertise a fraudulent goblintown.wtf giveaway, an Ethereum-based non-fungible token (NFT) challenge, on-chain analyst @NFTherder unveiled.

Perhaps somebody ought to inform the Latin American Newspaper Affiliation that considered one of their newspaper’s @ElUniversal twitter account was hacked on June 4th and has been spamming Goblingtown rip-off nft tweets ever since. I imply, they solely have 5 million followers … pic.twitter.com/rP55MEdDZo

— OKHotshot (@NFTherder) June 9, 2022

The attacker modified El Common’s Twitter title to goblintown.wtf, however left the username, @ElUniversal, intact. Moreover, the malicious actor linked a phishing URL to the account, hoping to steal from unwitting goblintown.wtf holders. The URL swaps the N on the town with M.

In accordance with @NFTherder, the attacker took management of El Common’s account – which has 5.1 million followers – on June 4. Since then, the hacker has posted fraudulent tweets, promising to airdrop a further 10,000 Goblins.

The goblintown.wtf assortment has 9,999 NFTs, with the most cost effective going for five Ethereum (ETH).

Whereas the extent of the assault stays unknown, a Twitter consumer going by @topshotkief.eth claims to have misplaced 10 NFTs to the rip-off. Particularly, the consumer alleges that the attacker stole two Mutant Ape Yacht Membership (MAYC) items and eight Cool Cats.

@NFTherder additional revealed:

In fact the Goblintowm rip-off does ApprovalForAll to steal the property of those who approve. It additionally appears the pockets answerable for @ElUniversal twitter account hack beforehand pulled off an Azuki Beanz rip-off.

After in-depth evaluation, the analyst discovered that the deal with behind the goblintowm rip-off and the Azuki Beanz assault is similar.

Attackers proceed concentrating on initiatives making headlines

This information comes after goblintown.wtf launched on Could 22 and rapidly rose to the highest of NFT charts. Regardless of being lower than a month outdated, the challenge has recorded a buying and selling quantity exceeding $70 million, in response to information from Cryptoslam. Goblintown.wtf’s success comes as flagship NFTs collections like CryptoPunks, BAYC, Meebits, and Mutant Ape proceed declining.

The goblintown.wtf rip-off comes as dangerous actors proceed attacking the NFT area. Earlier this month, an attacker compromised the Discord server of Yuga Labs’ Bored Ape Yacht Membership (BAYC) challenge and stole roughly $355,000 price of NFTs.

Earlier than this, an exploit on BAYC’s Instagram account resulted within the theft of a minimum of 54 NFTs. This hack got here just a few days forward of Yuga Labs’ overhyped metaverse launch.

In Could, famend digital artist Mike Winkelmann – professionally often called Beeple – had his Twitter account hacked. This assault got here after Beeple partnered with trend big Louis Vuitton to create 30 NFTs.