- The Instagram account of the Sandbox metaverse game has been hacked.
- Attackers are trying to dupe users with a fake NFT giveaway.
- The account was compromised despite having 2FA enabled.
The Sandbox, a popular and of the first metaverse games, has taken a hit, according to founder Sebastien Borget, who recently revealed on Twitter that the project’s official Instagram has succumbed to a hacking attack once again. As such, the founder has warned the community not to click on the malicious link posted by the attackers on the accounts bio section.
⚠️ Our Instagram account has been compromised 1 hour ago – despite 2FA and more protections. ⚠️ We’ve notified @instagram to resolve this
⛔️ Do NOT click on the new link on The Sandbox Instagram account bio or fake “Season 4 Raffle”
🙏 Stay SAFE and alert. Thanks for reporting pic.twitter.com/cv2h3GZTo1
— Sebastien 🏞 (@borgetsebastien) September 8, 2022
According to Borget, the project’s Instagram account was compromised earlier today. What’s more concerning is the fact that the account had the highest level of security Instagram offers enabled with 2FA on.
However, despite having multi-factor authentication enabled, which is an identity and access management security method that requires two forms of identification to access resources and data, the attackers seem to have bypassed it.
The attackers have put a malicious link on the channel’s bio with the aim of tricking unaware users under the disguise of a fake ‘OFFICIAL Season 4 Raffle’. When a user clicks on the malicious link, they are redirected to a fake website that barely mimics Sandbox’s official website.
The site then prompts users to connect their Ethereum wallet to be able to win a free NFT.
It is unclear whether anyone has actually fallen victim to this latest attack. The website put up in the bio has a slightly different spelling and can be easy to overlook. The fake website spells thesandboxesgame, instead of the official thesandboxgame.com.
Despite being easily spotted upon careful observation, people have still fallen for such scams in the crypto industry.
According to Borget, Instagram has been alerted, and it is yet to be seen how the story unfolds from here. However, it must be noted that this isn’t the first time the project has become the victim of an Instagram hack.
Earlier in August, The Sandbox fell for a similar attack where a phishing link was added by hackers in the project’s official instagram account’s bio to dupe users. It was also revealed that only one user had been defrauded by the scam and that the firm was assisting the victim in order to “solve his situation.”
Four NFTs were discovered in the hacker’s wallet, having been transferred from two other wallets following the breach. The World of Women Galaxy NFT was one of the four NFTs that Yam Karkai herself illustrated.