Duppies NFT squad cracks jokes after hack
DeGods announced the mysterious collection of 13,333 NFTs via Twitter on May 20, with plans to go public sometime this month. DeGods’ various Solana-based collections typically appear on Magic Eden, so don’t get their unreleased collection confused with a project of the same name already out on OpenSea. Its description reads, “Duppy is a word of African origin commonly used in various Caribbean islands, including Barbados and Jamaica, meaning ghost or spirit.”
Now DeGods’ Duppies project will drop in July, maybe in part because someone took advantage of the hype–sneaking onto the Duppies Twitter account and baiting community members with a bad link that drained their wallets.
“I’m sure most of you heard my hints and clues on the spaces,” read the hacker’s tweet from this weekend, which went live looking just like one of Duppies’ own. “Sometimes the best things in life are surprises… Mint now live. Free to all DeGod holders.” This is called a stealth mint, by the way. Creators drop their collections unannounced to drum up the excitement while avoiding copycats. The banner for Duppies’ Twitter page also read “Mint Now Live.”
“Hey! The @DuppiesNFT is HACKED DO NOT CLICK ANYTHING,” DeGods tweeted on June 19.
No one knows what the Duppies will look like yet–maybe they’ll mimic the popular PFP style of their predecessors, the DeGods and DeadGods collection, but anything’s possible–the project’s description says they’re taking a new art direction.
As with other projects like BAYC, users aren’t just buying a profile picture or provocative artwork. They’re buying into a community experience and making investments. The DeGods universe operates on its own multi-utility, native token called $DUST–typically valued around $2.75 in cash money. Although the DeGods team has stated their intention to position Duppies as a standalone brand, the collection will still run on $DUST.
“It will cost 375 DUST to mint one NFT, which is way above the average mint price on Solana,” DEXterlab said on May 27. “$DUST equals ~25 SOL (SOL=$40.00).” Though details on Duppies are scant, the white list and its proportionate allocations have gone public–every DeadGod holder gets a spot, and DAOs are getting in on it, too.
Following last weekend’s hack, DeGods leader Frank hopped on a Twitter space early Saturday afternoon with Code Monkey, who took the lead in remediating this situation. They entreated Twitter to take down the account–at press time, it’s still up, but the bad tweet’s been deleted. After follower intervention, the banner has been changed as well.
“We were able to get ahold of the higher ups at Twitter–not Elon but, you know, close,” Frank said.
Code Monkey explained the situation succinctly. The hacker got past two-factor authentication on the Duppies Twitter page by contacting an account holder’s cell phone provider and executing a SIM swap, which “basically clones the actual device identifier within it and gives the person access to the phone number associated with it,” as he explained in the Twitter space.
“At that point, they can then contact Twitter support and have them switch over the information because they can receive one-time passwords from there.” The hacker’s link led to a clone of the Duppies site. Code Monkey discovered the hacker got the domain on June 3.
The affected team member got a new phone. Code Monkey took care to absolve the DeGods team from any carelessness.
“Nothing from a security perspective could have been done to prevent this,” he said. “If you go back and look, this actually happened to Jack Dorsey from Twitter himself. If it could happen to Jack Dorsey can happen to anybody.”
Frank laid out the overall damage. “We looked at the wallets that the scam took place on,” he said. “It appears that he probably made like 600 bucks, and most of it was in $DUST.” There is no evidence of the hacker’s gender at present. “We’ll be obviously figuring out if we can refund all the people that lost their $DUST, but it wasn’t a successful hack,” Frank continued. “Man used a fucking ethereum picture for a second attempt, like come on bro, this is Solana.”
“Pretty magical to watch and see all of us come together and squash this as soon as possible,” Frank said, “and really grateful that barely anybody got affected, and it wasn’t sizable.” In their piece, DEXterlab also wrote, “high demand for Duppies is practically guaranteed because people trust the DeGods team, and the already established and passionate community will be a powerful marketing force.”
Code Monkey said the hacker likely spent about 160 hours cloning the site–only to make enough money for a few pizzas. “Nice,” Code Monkey said. “Have a pizza party or something.”
“He was working for the exposure, right?” Josh Ollin asked.
All jokes aside, they emphasized this isn’t the first attempted DeGods hack. “I think people need to realize how strong social engineering can actually affect things,” Code Monkey said. “It’s not your typical person, you picture being a hacker behind a computer in his mom’s basement. It’s literally someone that’s going through doing a bunch of reconnaissance.” Code Monkey recommended scoring a burner phone for important projects and accounts. Olin warned community members to be wary. Con artists are charming–it’s part of their craft. Would a world without them really be pleasurable, and is it even possible?
Read related posts:
- Hidden NFTs in Love Death + Robots
- OpenSea Confirmed Solana Support
- BAYC and OtherSide Discords attacked in giveaway scam
Any data, text, or other content on this page is provided as general market information and not as investment advice. Past performance is not necessarily an indicator of future results.
The Trust Project is a worldwide group of news organizations working to establish transparency standards.