Threat actors hacked the hot wallet of the NFT platform Lympo and managed to steal 165.2 Million LMT (worth $18.7 million).
NFT and DeFi platforms are privileged targets for cybercriminals, and the NFT platform Lympo was the last platform in order of time to suffer a security breach.
Lympo is building a sports NFTs ecosystem including NFTs with IP rights of world-famous athletes and clubs. The ecosystem will also include custom sports characters created by various artists and sports influencers.
Threat actors stole $18.7 million from several hot wallets of the platform.
“On 10 January 2022 at approximately 2:32 PM (UTC +2), hackers managed to gain access to Lympo’s operational hot wallet and stole a total of approximately 165.2 million LMT from it.” reads the alert published by Lympo on Medium.
In response to the security breach, Lympo enhanced safeguards to prevent the theft of other LMT, the company also temporarily removed LMT from various liquidity pools in order to minimize the impact of the attack.
The stolen tokens were sent to a single address used by the attackers to swap them for Ether on SushiSwap or Uniswap, then they were sent to other addresses.
Below is a list of the hacker wallets which are being monitored by the company:
The value of LMT lost more than 92% due to the cyber attack.
Lympo’s parent company Animoca, announced that it will support its subsidiary to face with consequences of the attack.
“We are working with Lympo to assist them on a recovery plan, but we don’t have any specific mechanisms.” said Animoca’s CEO, Yat Siu.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, NFT)