Cybercriminals who hacked the Twitter account of famous nonfungible token (NFT) artist Beeple stole $438,000 worth of cryptocurrency and NFTs from his followers on Sunday, May 22, 2022. The attackers impersonated the artist, whose real name is Mike Winkelmann, by posting tweets that falsely advertised a new digital art collaboration with the luxury fashion house Louis Vuitton. The phishing links in these tweets directed victims to a malicious website that drained their crypto wallets.
The Hack and Its Impact
The hackers gained control of Beeple's Twitter account for several hours on Sunday afternoon. They changed the account's bio to promote a raffle for a so-called "Louis Vuitton x Beeple" collection. In reality, Beeple had collaborated with Louis Vuitton in 2019, but no new joint project existed. The first phishing tweet netted approximately 36 Ether (ETH), worth about $73,000 at the time, while a second tweet resulted in losses of $365,000 in various cryptocurrencies and NFTs. According to blockchain security firms, the total stolen reached $438,000.
When followers clicked on the fraudulent links and connected their wallets to the fake raffle, the attackers automatically transferred funds and NFTs from the victims' wallets to their own. The scam used a technique known as "wallet draining," where malicious code executes a series of transactions without the user's explicit consent after they authorize a single interaction.
Beeple later confirmed the breach via his restored account, tweeting: "I got hacked. DO NOT click any links. DO NOT mint anything. DO NOT buy anything. Anything too good to be true IS A FCKING SCAM." He also thanked his followers for their support and stated that he was working with Twitter support to resolve the issue. It remains unclear who orchestrated the attack or whether law enforcement agencies are investigating.
Background on Beeple and the NFT Market
Beeple rose to prominence in March 2021 when his digital artwork "Everydays: The First 5000 Days" sold for $69.3 million at Christie's auction house, making it the most expensive NFT ever sold and the third most expensive artwork by a living artist. This sale ignited a frenzy around NFTs, which are unique digital tokens verified on a blockchain.
Since then, Beeple has produced several high-profile projects, including a controversial collaboration with pop star Madonna in May 2022. The collection, titled "Mother of Creation," featured three animated NFTs showing a nude Madonna giving birth to trees, butterflies, and mechanical centipedes. One of the pieces was purchased by art dealer Adam Lindemann for approximately $146,000.
Beeple's early work began in 2007 when he started creating a new digital image every day, a project he has continued without fail. His style often satirizes pop culture, politics, and technology, and his success has made him a central figure in the NFT community.
The Growing Plague of Crypto and NFT Scams
The Beeple hack is part of a broader trend of cybercrime targeting the cryptocurrency and NFT ecosystem. According to a report by Atlas VPN, more than $1.3 billion worth of cryptocurrency was stolen in the first four months of 2022 alone. Scammers increasingly use phishing attacks, fake giveaways, and social media account takeovers to trick users into revealing private keys or approving malicious transactions.
In April 2022, investigators from the Internal Revenue Service (IRS) and other global tax regulators issued a warning about the growing risks of fraud and money laundering in the NFT space. The report noted that the anonymity and irreversibility of blockchain transactions make NFTs attractive for illicit activities. Common scams include rug pulls (where developers abandon a project after raising funds), pump-and-dump schemes, and counterfeit NFTs.
Social media platforms like Twitter have become prime targets for hackers because they offer a direct line to large audiences. High-profile accounts belonging to celebrities, politicians, and artists are frequently compromised. In 2020, a massive Twitter hack targeted accounts of Barack Obama, Elon Musk, and Bill Gates, promoting a Bitcoin scam that netted over $100,000. Such incidents underline the vulnerability of centralized social media systems.
How the Beeple Scam Worked
The attackers used a multi-step process. First, they gained access to Beeple's Twitter account, possibly through phishing, credential theft, or a SIM swap attack. Once inside, they changed the bio to describe a "Louis Vuitton x Beeple" raffle. The two tweets posted by the hackers contained links to a website that mimicked a legitimate NFT minting platform. When victims connected their MetaMask or other Web3 wallets to claim a supposed free NFT, the website prompted them to approve a transaction. That approval gave the hackers permission to transfer the victim's tokens to their own wallet.
Blockchain analysis shows that the stolen assets included Ether, stablecoins like USDC, and several NFTs, including some from popular collections like Bored Ape Yacht Club. The hackers quickly moved the funds through mixers and exchanges to obscure their trail. As of this writing, none of the assets have been recovered.
Lessons for NFT Collectors and Crypto Users
The Beeple incident serves as a stark reminder of the risks in the decentralized world. Security experts advise users to always verify announcements through official channels, never click on shortened or suspicious links, and use hardware wallets for storing significant assets. Additionally, enabling two-factor authentication (2FA) on social media accounts and using a password manager can help prevent account takeovers.
For NFT collectors, it is crucial to scrutinize smart contract permissions before approving any wallet interaction. Many wallets now provide warnings about potentially dangerous transactions. Being skeptical of "too-good-to-be-true" offers, as Beeple himself emphasized, is the first line of defense.
Beeple's Response and Aftermath
Following the hack, Beeple's Twitter account was restored, and the fraudulent tweets were deleted. He posted a warning to his 650,000 followers and urged them to report the scam if they had fallen victim. The artist did not comment on whether he would compensate those who lost funds, but he reiterated that he would never announce a project in such a spontaneous manner.
The incident has once again highlighted the need for better security practices among influential figures in the crypto space. Beeple's immense popularity makes his account a high-value target. The $438,000 loss is a fraction of the wealth in the ecosystem, but it underscores how quickly trust can be exploited.
In the broader context, the NFT market has experienced a downturn since its peak in 2021, but scams continue to proliferate. Regulators worldwide are grappling with how to protect investors without stifling innovation. The IRS and other agencies are developing frameworks to track NFT transactions and enforce anti-money laundering rules.
For now, Beeple's followers are left counting their losses and hoping for better security from both the artist and the platforms that host his content. The incident serves as a cautionary tale for the entire crypto community.
Source: Forbes News