KEY POINTS
Charlotte Fang, also known as Krishna Okhandiar, CEO of the Remilia Corporation behind the popular Remilio and Milady non-fungible token (NFT) collections, has revealed a significant security breach resulting in the loss of millions of dollars worth of ether and NFTs.
The announcement was made via an X (Twitter) post on March 16, where Fang disclosed that her system had been compromised, leading to the unauthorized access of all imported wallets.
The attack unfolded in two stages, during which the perpetrator accessed and siphoned off assets including 195.1 Ether from the Fumo ERC-20 token liquidity pool, 61 Ether from the Remilia treasury, 110 Miladys from the Remilia treasury, $58k USDC from a hot wallet, and various other holdings belonging to Fang.
Following the breach, the perpetrator swiftly sold all the stolen NFTs.
Possible scenarios contributing to the breach include malware infiltrating Fang’s device, granting the attacker access to her Bitwarden password management service account, or a brute-force attack on the account’s master password.
Fortunately, Remilia’s primary operating treasury remains securely held off-chain, ensuring that planned projects will proceed as scheduled without financial impediment. However, the incident has adversely affected the Fumo project and its $FUMO holders, as well as the pricing dynamics of primary NFTs associated with the collections.
Instances of theft within the NFT space are not new, but efforts to mitigate such risks have yielded some success.
For instance, in February, ZachXBT, a pseudonymous blockchain researcher, successfully reclaimed the majority of funds stolen in a DeGods NFT heist. Additionally, in December 2023, stolen Bored Ape and Mutant Ape NFTs worth $3 million were recovered following a 120 ETH ransom demand.
These incidents have prompted concerns within the NFT community, leading some governments to take preemptive measures. As a result, in November 2023, China officially declared NFT theft a crime.