Fraudulent IT Professionals Behind $1M Crypto Losses in NFT Protocols
Cybersecurity expert ZackXBT reports hackers impersonating IT workers stole $1 million from Web3 projects by exploiting vulnerabilities in NFT protocols. Targets included Favrr marketplace and NFT projects Replicandy and ChainSaw. The attackers manipulated minting mechanisms to flood markets with NFTs, crashing prices while profiting from sales.
Attack Methodology and Fund Movement
The hackers transferred stolen cryptocurrency through multiple exchanges and wallets. Funds from the ChainSaw breach remain largely inactive, while Favrr assets moved to nested services. This incident highlights ongoing security challenges facing blockchain projects worldwide.
Expanding Cybersecurity Threats
The report connects these attacks to broader security concerns. In 2024, researchers identified Ruby Sleet, a North Korean-linked hacking group targeting defense contractors and IT firms through fake recruitment schemes. Separately, Coinbase disclosed a 2025 data breach affecting 69,461 users when contractors leaked customer information.
Key Security Takeaways
- $1 million stolen through NFT protocol exploits
- Favrr, Replicandy and ChainSaw projects compromised
- Stolen funds routed through multiple exchanges
- Connection to North Korean hacking operations
- Coinbase user data breach case study
