
The Sandbox’s Instagram account was hacked earlier today (September 8). The incident was reported by the co-founder of the popular metaverse game.

Sebastien Borget, co-founder & COO of The Sandbox, tweeted: “Our Instagram account has been compromised 1 hour ago – despite 2FA and more protections. We’ve notified @instagram to resolve this.

“Do NOT click on the new link on The Sandbox Instagram account bio or fake “Season 4 Raffle”.

“Stay SAFE and alert. Thanks for reporting.” 

The tweet included a screenshot of the Instagram account which showed that the game’s bio had been changed. The hackers invited fans of the game to participate in a fake “Season 4 Raffle”.

A phishing link “thesandboxESgame.com” had been included to lure in unsuspecting victims. The official link for The Sandbox website is sandbox.game.

A post was also pinned to the grid providing details about the fake raffle.

Several Sandbox fans have been scammed

Borget made the announcement on Twitter just an hour after the hack happened. But unwitting victims got burned anyway.

Several Sandbox fans reported they lost NFTs as a result of the hack. Others clicked the link and were concerned their details might have been exposed even though they didn’t lose anything.

Twitter user digitalyatish.eth said: “My @veefriends series 2 got stolen *sad face*”

And Twitter user sachahadjadj15 said: “I’ve been scammed, he took 2 nfts I got in my wallet is there anything the team can do to get back our losses?” 

The Sandbox is yet to make an announcement about any potential support for gamers who got scammed as a result of the attack.

The Discord was rife with discussion about the recent hack as well, with moderators insisting The Sandbox team will ‘get to the bottom’ of the hack.

The Play to Earn Diary team has reached out to The Sandbox for a statement on how they plan to support the community in the wake of this recent hack. Make sure to follow us for further updates about this situation!

Good news: The Sandbox regained access to its account

A few hours after the hack took place, Borget tweeted again to say: “Instagram account recovered. The hacker tried to rent Bored Apes Yacht Club NFTs – using our account.

“We would NEVER ask via DM and have contacted all users to notify them.”

He also included a screenshot of what some of the scam messages looked like. In one, the hacker sent several Bored Ape Yacht Club (BAYC) NFT holders the following message: “Hello sir, we would like to rent your BORED APE YACHT CLUB NFT for 24h for an event. We will pay you 40eth coins for this service.”

The scammer was targeting Bored Ape Yacht Club NFT holders by messaging them from the official Sandbox account and asking to ‘borrow’ their NFTs. Image source: BAYC

The hackers offered 40 ETH in return for ‘renting’ the person’s BAYC NFT for 24 hours.

The hackers may have then attempted to sell the NFT on OpenSea, despite OpenSea’s stolen items policy. Previous buyers have been burned by buying stolen NFTs on OpenSea and not getting their money back. Police reports can be filed, but they often don’t go too far.

After The Sandbox got hold of its Instagram account, it immediately sent out messages to the affected users apologizing for the phishing message and explaining the situation.

The message read: “We are very sorry, our Instagram account has been hacked – despite having 2FA enabled.

“We have now recovered control finally with the help of the Instagram team.”

What happens when an NFT is stolen?

In theory, when an NFT is stolen, it becomes ‘too hot to handle’ because it is unique and therefore can be traced back to the culprit.

But in practice, this doesn’t always happen.

OpenSea has a policy banning the sale of stolen NFTs.

That hasn’t stopped people from buying and selling stolen NFTs. The buyer is often unaware that the NFT is stolen and loses out as well.

Victims are encouraged to submit police reports, but the Web3 space is hard to police.

There are many victims when an NFT is stolen and the Web3 space is still figuring out how to best police it.

OpenSea’s own stolen items policy was met with criticism and allegations that members of staff told buyers who purchased a stolen NFT to try to sell it elsewhere to recoup their losses.

Twitter user MyFrenMyFren tweeted OpenSea to say: “I purchased a stolen NFT, had no idea it was stolen and felt bad about it. I tried to make good on it and return it. The Discord was no help so I asked you.

“Your support staff literally told me to sell it on Looksrare. This was before you laid off 20%+ of staff. Make it better pls.”

There is clearly a lot of room for improvement in this space.

Sandbox hacked: What’s next?

This is not the first time The Sandbox’s Instagram account has been hacked despite having two-factor authentication (2FA) enabled.

In fact, just a month ago, the game had to deactivate its account after its Instagram was hacked.

The Sandbox issued a statement then too. Despite this, several users fell for the scam.

Users on the Discord server expressed similar concerns as well, with the moderators insisting that the team is going to get to the bottom of the issue.

The Sandbox team has not yet issued any further updates about how it plans to support the community, especially those affected by the recent hack.

We have reached out for comment.

How to stay safe in Web3

Scams are rife in Web3. The Sandbox’s Instagram account got hacked despite its use of 2FA.

So how can you stay safe in Web3? Here are a few ideas:

  • Don’t follow any suspicious links
  • Don’t interact with any unknown NFTs in your wallet
  • Get a hardware wallet
  • If you’re on Discord, disable your Discord DMs
  • Use 2FA; it’s not perfect, like we’ve seen today, but it helps
  • Verify, double-check, and if something sounds too good to be true – it probably is!
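
The "verify" step can be partly automated for links. The sketch below is an added example, not code from The Sandbox or from this article: it checks which host a link will actually reach against the official domain named above and flags links that only mention the brand. The `BRAND_TOKENS` list and the `raffle.example` and `example.org` hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"sandbox.game"}   # official site named in the article
BRAND_TOKENS = ("sandbox",)           # assumption: brand keywords worth watching


def hostname_of(link: str) -> str:
    """Return the lower-cased hostname of a link; '' if it cannot be parsed."""
    if "://" not in link:
        link = "https://" + link      # bio links are often written without a scheme
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:                # e.g. a malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()


def is_official(host: str) -> bool:
    """Exact match or a true subdomain; a bare suffix match is not enough."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_link(link: str) -> str:
    """Return 'official', 'lookalike', 'unrelated' or 'invalid'."""
    host = hostname_of(link)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    # The brand appears somewhere in the link, but the host that will actually
    # be contacted is not the official one: treat it as impersonation.
    if any(token in link.lower() for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


# Constructed samples, apart from the two domains quoted in the article.
SAMPLES = [
    "sandbox.game",
    "thesandboxESgame.com",
    "notsandbox.game",                          # suffix trick, not a subdomain
    "https://sandbox.game.raffle.example/win",  # official name used as a prefix
    "https://sandbox.game@raffle.example/",     # official name in the userinfo part
    "https://example.org/news",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_link(sample):10} {sample}")
```

A check like this only covers plain keyword impersonation; homoglyph or punycode hostnames that avoid the brand string would come back as "unrelated" and need separate handling.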

If you are concerned about your safety in Web3, make sure to check out our article outlining the best ways to stay safe while taking part in this new ecosystem.

The most recent Sandbox hack only lasted a few hours but it took several victims. The Sandbox team has committed to investigating the issue.

But will there be further support? Gamers are waiting with bated breath for an update.
