Episode 3 – 15 CryptoPunks Lost to Phishing Scam
NFT Collector Stazie is the subject of Episode 3 of ‘How I Got Hacked’. Stazie’s story is one that’s far too common in the world of crypto and NFT: after clicking on a phishing link from a scammer in his DMs, Stazie entered his 12-word seed phrase into a fake MetaMask window, after which his wallet was drained of 15 CryptoPunks and some Ether.
| Date: | July 2021 |
| Type of Hack: | Phishing Scam |
| Type of Storage | Software Wallet |
| Value of loss (at time): | Approx. $3M |
| Value on Jan 1st, 2025: | Approx $1.9M |
*Values based on Floor Price
A crypto phishing scam is when attackers trick users into revealing their private keys or sensitive login credentials by impersonating legitimate cryptocurrency services or websites.
Getting Custody Wrong
Mistake #1: Unfocused Trading
By Stazie’s own admission, his frame of mind at the time played a large role in the hack, as he wasn’t thinking clearly at the time. The problem is that when it comes to irreversible blockchain transactions, there’s no room for error.
Crypto is an incredible tool to give people back control of their financial lives, but that sovereignty comes at a price. Only you are responsible for your transactions in crypto—there’s no customer service to turn to if something goes wrong. That means you have to be engaged when interacting with your digital assets and especially whenever you go to make a transaction.
“The only reason I could fall for that is because I was not in the right frame of mind at all, I was just totally in the fog. And then I realized what happened… I lost 15 Punks. So, I paid a very, very high price for that.”
$3MThe value of Stazie’s 15 CryptoPunks stolen through a phishing scam
Mistake #2: Clicking On a Link Without Verifying
Phishing links are arguably the lowest-hanging fruit available to bad actors looking to steal your crypto, and by far the most common source of people losing their funds. Hackers are always coming up with clever ways to get you to click on a link they control, whether it leads to malware getting downloaded on your computer, or invites you to connect your wallet to a drainer.
In this case, the scam link tricked Stazie into another cardinal sin of crypto security…
Mistake #3: Giving away seed phrase
Under no circumstances should you ever – ever – give anyone your seed phrase. Not even Ledger. Outside of the verified interface of whatever wallet you’re using, you should never input your seed phrase only any device. Assume that any entity asking for your seed phrase intends to scam you.
“No one can help you, you are your own custodian, your own insurance, and your own protection.”
Doing It Right
Keeping your seed phrase safe is rule number one in crypto – store it safely, offline, in a location only you can access and where it won’t be damaged. It also pays to be hyper vigilant when interacting with any links, as these can open you up to malware or malicious scam websites.
To learn more about crypto phishing scams and how to avoid them, read our article on Ledger Academy.
Watch Episode 3 of ‘How I Got Hacked’ for the full story.
