Hackers Posing as IT Insiders Steal $1 Million from NFT and Crypto Projects
June 27, 2025 — Cybercriminals masquerading as legitimate IT professionals have orchestrated a sophisticated breach targeting several decentralized Web3 projects, resulting in approximately $1 million in cryptocurrency losses over the past week. The security incidents were uncovered and analyzed by ZachXBT, a reputable onchain investigator and cybersecurity analyst specializing in blockchain exploits.
Multiple Web3 Entities Compromised
The hackers successfully infiltrated a range of NFT and crypto platforms, including Favrr, a marketplace for Web3 fan tokens, as well as NFT projects Replicandy and ChainSaw. While ZachXBT confirmed the involvement of these entities, he noted that additional unnamed teams were also victimized during the coordinated attack.
The cybercriminals exploited vulnerabilities in the minting mechanisms of the targeted NFT projects. By illicitly minting large quantities of tokens, they flooded the market, driving the price floor down to zero and liquidating their holdings for profit. This manipulation not only inflicted financial damage on the affected communities but also distorted the underlying market dynamics.
Fund Movement and Current Status
Following the breaches, the stolen assets were moved through a complex chain involving multiple cryptocurrency wallets and exchanges, a common tactic intended to obfuscate the origin of stolen funds. According to ZachXBT’s tracking, while the funds from the ChainSaw hack remain largely inactive and dormant, assets stolen from Favrr have been routed into nested services, making recovery and tracing efforts more difficult.
Insider Threats and Industry Implications
These recent incursions highlight the growing threat posed by malicious insiders and external threat actors who exploit remote work settings to gain unauthorized access to sensitive infrastructure within blockchain and Web3 projects. This trend has raised concerns across the industry, as it not only compromises user funds but also hampers progress and erodes trust in decentralized technologies.
In a related context, cybersecurity teams have observed an uptick in targeted intrusions by threat actors with ties to nation-state groups. For instance, the “Ruby Sleet” hacking group, attributed to North Korea, was identified in late 2024 as actively penetrating aerospace, defense contractors, and IT firms in the United States through social engineering and fake recruitment schemes.
Previous Incidents Highlight Ongoing Risks
The crypto sector has faced similar internal security challenges recently. Notably, in May 2025, major exchange Coinbase disclosed a data breach where external attackers bribed customer service contractors to leak personal user information, affecting around 69,000 customers. The leaked data included sensitive identifiers such as addresses and phone numbers and was subsequently used in an extortion attempt against the company.
Conclusion
The latest wave of attacks underscores the critical need for enhanced security protocols, rigorous employee vetting, and continuous monitoring within blockchain and Web3 environments. Stakeholders are urged to adopt comprehensive cybersecurity measures to mitigate insider threats and safeguard the decentralization ethos fundamental to the crypto ecosystem’s future growth.