The Creature Toadz NFT project suffered a theft of around $340,000 yesterday when a hacker, posing as a moderator, convinced community members to send 88 ETH to an address he controlled. However, in a surprising turn of events, he returned all of the stolen assets to the project.
Hacker defrauds Creature Toadz community members of $340,000
The hacker, whose username was revealed to be HEERR on Twitter, broke into the project's Discord server and hijacked the channel using a Webhooks vulnerability present on the social media site.
They then proceeded to pose as a moderator of the project before asking unsuspecting community members to “stealth mint” Creature Toadz via a web link.
Before the members could deduce that this was a fraud, they had collectively sent 88 ETH, which translated to roughly $368,000, to the hacker’s address. The Creature Toadz NFT team revealed that their channel was compromised for close to 45 minutes.
While the hacker later returned all of the stolen funds to the team behind the project, his intentions are being questioned, as some have placed him in the same class as the hacker who hacked Poly Network but later returned the funds.
On the other hand, some community members of the project believe he only returned the stolen funds because his identity was unraveled by an analyst who was also a community member of the project.
How his identity was unraveled
An anonymous NFT analyst, OKHotShot, traced the hacker’s Ethereum transaction history and deduced that the hacker was HEERR, who claimed to be “a 17-year-old high school student” and that the hack was only meant to be “a joke.”
.@CreatureToadz after finding out the scammer was (is) in our spaces I called him out directly “do the right thing, give the ETH back”. Now it turns out the scammer listened and returned the 88 ETH back to team: pic.twitter.com/3KnHfMBTcz
— OKHotshot.eth (@NFTherder) October 20, 2021
The above was revealed during a discussion held on Twitter by Andrew Wang and the Creature Toadz community where the hacker publicly claimed responsibility for the hack. It was during this discussion that OKHotShot beseeched the hacker to return the stolen funds to the team.
After the session, the hacker returned the funds to the Creature Toadz team, which has chosen not to press charges against the attacker.