Hackers in Disguise: How Fake Coders Robbed Crores From Crypto Networks

The420.in Staff

Hackers masquerading as IT professionals have infiltrated Web3 and NFT projects, siphoning off nearly $1 million (approximately Rs. 8 crores) in crypto assets and shaking faith in the industry’s defences against insider threats, according to prominent blockchain investigator ZachXBT.

Insider Deception: Hackers Exploit Remote Work Vulnerabilities

In a revelation highlighting the growing sophistication of cybercriminals, hackers posing as legitimate IT workers infiltrated several Web3 projects and NFT protocols over the past week, siphoning off roughly $1 million worth of crypto assets. The breach, exposed by blockchain investigator ZachXBT in a detailed post on Friday, underscores how remote work structures and decentralized operations are leaving blockchain ventures dangerously exposed to insider threats.

The affected projects include Favrr, a Web3 fan-token marketplace, as well as NFT initiatives Replicandy and ChainSaw, among others not yet publicly named. According to ZachXBT, the attackers gained privileged access to critical systems, allowing them to manipulate NFT minting mechanisms and create massive volumes of tokens. These tokens were then dumped onto the market, instantly collapsing price floors and generating illicit profits for the perpetrators.

The Mechanics behind the Plan

The mechanics of the attacks reveal how even advanced blockchain infrastructure can buckle under insider manipulation. Once inside project networks, the rogue actors exploited smart contract vulnerabilities to mint vast numbers of NFTs without authorization. The sudden flood of NFTs led to a catastrophic drop in floor prices, a tactic known in crypto circles as a “mint-and-dump.”

After cashing out, the hackers funnelled their illicit earnings through a series of exchanges and nested wallets to obfuscate the transaction trail. Funds stolen from the ChainSaw protocol are reportedly still dormant on-chain, while those from Favrr were swiftly moved into nested services, which are wallets often designed to mix funds and evade detection.

Crypto’s Insider Epidemic: A Global Problem

The incident follows a troubling trend in cybersecurity, where threat actors penetrate organizations under the guise of internal employees. The crypto world is particularly vulnerable given its reliance on remote teams, decentralized contributors, and pseudonymous developer communities.

Just last month, crypto exchange Coinbase revealed that external actors had bribed customer service contractors to leak sensitive user data, resulting in an extortion attempt affecting nearly 70,000 customers. Meanwhile, cybersecurity researchers have been tracking a North Korea-linked group known as “Ruby Sleet,” which has been infiltrating IT and defence companies by setting up fake recruitment schemes and social engineering campaigns.

For the Web3 industry, the ZachXBT revelations are a stark reminder that cutting-edge technology cannot shield projects from old-fashioned human deception. Law enforcement and blockchain analytics firms are now tracing the stolen funds, but recovering assets in the world of decentralized finance remains a complex, often elusive process. As ZachXBT noted, much of the loot has already moved into obfuscation layers, making retrieval and justice uncertain.