NFT projects lost roughly $1 million in crypto over the past week when hackers posed as IT staff and struck at the heart of minting systems. The breach hit fan-token marketplace Favrr and Web3 initiatives Replicandy and ChainSaw, among others.
According to onchain investigator and cybersecurity analyst ZackXBT, the attackers pushed out mass batches of NFTs, drove floor prices to zero, then cashed in their haul before teams could react.
Based on reports, the group quietly joined development squads under false identities. They gained insider access to minting contracts. Then they minted thousands of tokens and NFTs in moments.
The sudden flood crushed floor prices and let the thieves grab hot cash in minutes. It all unfolded in under a week, and about $1 million vanished from these projects’ treasuries.
https://twitter.com/zachxbt/status/1938598925004607629?ref_src=twsrc%5Etfw” rel=”nofollow noopener” target=”_blank
Favrr suffered one of the biggest hits. The thieves dumped tokens so fast the market couldn’t catch up. Replicandy and ChainSaw saw similar moves. At Replicandy, floor values hit zero almost instantly.
ChainSaw’s stolen crypto still sits inactive in wallets, waiting for launderers to stir it back into exchanges. ZackXBT pointed out that nested services then further obscured the money trail.
https://twitter.com/zachxbt/status/1938598958449983956?ref_src=twsrc%5Etfw” rel=”nofollow noopener” target=”_blank
Onchain transfers moved funds through multiple exchanges and wallets. Analysts say tracing mixed outputs can take weeks. Exchanges must review huge logs.
That slows or even blocks law enforcement from locking down accounts. In the Coinbase data leak back in May 2025, about 69,461 customers had personal info exposed.
Contractors were bribed to hand over user data, leading to an extortion bid against the exchange.
The NFT/Web3 insider episode echoes Ruby Sleet’s tactics. In November 2024, that group targeted aerospace and defense firms, then shifted to IT companies via fake hiring drives.
They used social engineering to plant malware and harvest credentials. Today’s blockchain and NFT hacks show that open and irreversible ledgers magnify mistakes. When insiders gain privileges, there’s often no undo button.
Security experts warn teams to rethink trust models. Zero‑trust approaches limit each engineer’s reach. Multi‑party approval gates could block sudden minting spikes.
Real‑time activity monitors can flag odd behavior right away. And code reviews paired with identity checks for every new hire help close gaps before they’re abused.
Featured image from Vecteezy, chart from TradingView
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
Calgary police have laid several assault charges against two patrons, after a chef and a…
Investors looking for the Fed to cut interest rates should probably adjust their expectations, as…
Australian Federal Police have not made any arrests but say inquiries are ongoing.A group of…
Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure Bets on…
Members of the Wei Wai Kum First Nation marched through the streets of Campbell River,…
By Kelly Geraldine Malone The Canadian Press Posted May 26, 2026 7:08 pm 1 min…