NFT projects lost roughly $1 million in crypto over the past week when hackers posed as IT staff and struck at the heart of minting systems. The breach hit fan-token marketplace Favrr and Web3 initiatives Replicandy and ChainSaw, among others.
According to onchain investigator and cybersecurity analyst ZackXBT, the attackers pushed out mass batches of NFTs, drove floor prices to zero, then cashed in their haul before teams could react.
Based on reports, the group quietly joined development squads under false identities. They gained insider access to minting contracts. Then they minted thousands of tokens and NFTs in moments.
The sudden flood crushed floor prices and let the thieves grab hot cash in minutes. It all unfolded in under a week, and about $1 million vanished from these projects’ treasuries.
https://twitter.com/zachxbt/status/1938598925004607629?ref_src=twsrc%5Etfw” rel=”nofollow noopener” target=”_blank
Favrr suffered one of the biggest hits. The thieves dumped tokens so fast the market couldn’t catch up. Replicandy and ChainSaw saw similar moves. At Replicandy, floor values hit zero almost instantly.
ChainSaw’s stolen crypto still sits inactive in wallets, waiting for launderers to stir it back into exchanges. ZackXBT pointed out that nested services then further obscured the money trail.
https://twitter.com/zachxbt/status/1938598958449983956?ref_src=twsrc%5Etfw” rel=”nofollow noopener” target=”_blank
Onchain transfers moved funds through multiple exchanges and wallets. Analysts say tracing mixed outputs can take weeks. Exchanges must review huge logs.
That slows or even blocks law enforcement from locking down accounts. In the Coinbase data leak back in May 2025, about 69,461 customers had personal info exposed.
Contractors were bribed to hand over user data, leading to an extortion bid against the exchange.
The NFT/Web3 insider episode echoes Ruby Sleet’s tactics. In November 2024, that group targeted aerospace and defense firms, then shifted to IT companies via fake hiring drives.
They used social engineering to plant malware and harvest credentials. Today’s blockchain and NFT hacks show that open and irreversible ledgers magnify mistakes. When insiders gain privileges, there’s often no undo button.
Security experts warn teams to rethink trust models. Zero‑trust approaches limit each engineer’s reach. Multi‑party approval gates could block sudden minting spikes.
Real‑time activity monitors can flag odd behavior right away. And code reviews paired with identity checks for every new hire help close gaps before they’re abused.
Featured image from Vecteezy, chart from TradingView
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
Our investment team is closely monitoring the developments in the Middle East and the impact…
New Zealand’s Defence Force says a North Korean ship was observed engaging in a possible…
Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure The White…
A Surrey, B.C. woman said she can finally breathe following the arrest of an accused…
Quebec’s premier met on Monday in Washington D.C. with Jamieson Greer, the top trade negotiator…
Our global markets watchlist tracks nine prominent indexes from economies around the world. The list…