social media scams are thriving in the crypto spaceY NFT collectors are losing their assets due to attacks carried out through hijacked accounts. The latest example happened last night, with dozens of NFTs and around $30,000 in cryptocurrency stolen through a scam shared through an acquaintance’s account. Web3 game developer.

On Wednesday, the Twitter account of Gabriel Leydon—co-founder and CEO of Limit Break, the gaming startup behind anime-inspired games Ethereal nft Project, digidaigaku— was apparently taken by an unauthorized user. The account proceeded to share a link to what was billed as access to an allow list to secure a mint for a free DigiDaigaku NFT.

Instead, when users interacted with the website and approved the transaction requested by the smart contract—i.e., the code that powers NFTs and freelancers decentralized applications—instead, an attacker stole NFTs and cryptocurrencies from their respective wallets. Transactions made on blockchain networks cannot be reversed by a third party, as a bank or credit card company would in the event of fraud or theft.

The attacker stole dozens of NFTs from users, with a potential total value of tens of thousands of dollars in Ethereum. The most valuable of them, by far, was a Mutant Apes Yacht Club NFT, which the attacker quickly sold for 12.39 ETH (about $19,100 at the time). Also, the wallet seems to have took about $30,000 worth of crypto of the users

Leydon has since recovered his Twitter account and blamed mobile carrier AT&T in a voice message shared via tweet. In a direct message to decipherLeydon claimed that an AT&T employee “didn’t [an] override all my security protections and perform [an] Unauthorized SIM Swap”.

A SIM swap attack is typically used to bypass two-factor authorization protocols on accounts. The attacker can hijack the mobile phone number in question and then use it to gain access to protected accounts, including social networks, where they can then impersonate the account owner.

Leydon claimed an employee “disregarded” the protections put into his AT&T account and said Limit Break is in contact with the company about the allegations. AT&T representatives did not immediately return. deciphercomment request.

Limit Break CEO said decipher that the studio is investigating the attack and will work to help users whose assets were stolen. “It’s a terrible situation, and once we verify that the person was attacked, we will help that person,” Leydon said.

ZachXBT, a well-known pseudonymous blockchain researcher, tweeted that the attack appears to be linked to Monkey Drainera scammer who recently snatched millions of dollars of NFTs and crypto assets.

Twitter has been besieged by similar attacks in recent months. In some cases, the account of a notable NFT artist or project creator is hacked and used to spread these so-called “wallet drainer” scams. The rise of these scams has sparked a debate about the responsibility of the creators of Web3 to compensate users who lose their assets as a result.

At other times, verified accounts of unaffiliated users, such as journalists, have been hijacked, renamed official project accounts, and used to spread exploits. That happened more often earlier this year, especially around projects like Azuki Y Other sidebut it appears that Twitter addressed any security holes that facilitated those verified account exploits.

Limit Break was founded in 2021 by Leydon and Halbert Nakagawa, previously co-founders of mobile game studio Machine Zone, which has produced hit titles like Game of War: Fire Age and Mobile Strike. The Web3 startup raised $200 million, as announced in August, from firms including FTX, Coinbase Ventures, and Paradigm.

DigiDaigaku is advertised as a “free” game aimed at getting away from the volatile play to win model popularized by axie infinity. The project’s original Genesis NFT profile pictures (PFPs) were released in August with a free mint and have spawned over 9,000 ETH worth of trading volume to date, or about $14 million based on the current price of ETH.

Limit Break claims that he bought a commercial space for DigiDaigaku for Super Bowl LVII in February 2023 at a price of 6.5 million dollarsinvesting heavily in a potential opportunity to expose the Web3 project to a wider audience.