Bill Murray’s Ethereum wallet hacked for $174K after NFT charity auction

The Ethereum wallet linked to the actor and comedian Bill Murray – who is used to sell official NFTs inspired by his life– was attacked last night after conducting a charity auction this week, Murray’s partners at The Chive and Project Venkman say Decrypt.

In the end, almost 110 Wrapped Ethereum (WETH) were stolen from the wallet, worth around $174,000 at the time of the attack. The funds were stolen from the wallet after the auction an exclusive single issue NFT this week on Coinbase NFT, which raised 119.2 WETH, or about $185,000 at the time of sale. All funds were intended for charitable purposes.

Gavin Gillas of blockchain startup Project Venkman, which Murray co-owns, said Decrypt which he first noticed an unauthorized transaction removed 108.03 WETH (about $171,500) from the wallet last night, followed by another transaction for 1.73 WETH (about $2750). Those were the only transactions where WETH was stolen, Gillis confirmed.

The wallet also contained nearly 800 Ethereum NFTs from Bill Murray 1000 Project which will be sold next week, along with other NFTs that Murray owns through his business partners – including CryptoPunks, VeeFriendsand Damien Hirst artwork.

None of the NFTs were stolen, and all remaining Bill Murray 1,000 NFTs—along with those from other projects—were moved into other wallets in the hours that followed.

Gillas and John Resig, CEO of comedy and entertainment website The Chive (which Murray backed), told Decrypt that they filed a police report after the attack, and quickly engaged the services of blockchain investigative and security firm Chainalysis. They also communicated with Coinbase NFT regarding the theft.

The Chainalysis investigation is still ongoing, but Gillas believes the attackers gained unauthorized access through a wallet-draining exploit. Such attacks usually occur after the wallet holder inadvertently interacts with a link used to commit fraud.

In many cases, the wallet holder signs a transaction that they believe is for a legitimate purpose – such as creating an NFT or receiving tokens— but it actually gives broad access rights to the wallet’s tokens, and can be used to steal those assets. ONE wave of similar scams broke out during the spring and summer using, among other things, hijacked Twitter accounts.

However, the attacker may have had a different entry point in this case. Gillas said a Project Venkman employee had also emptied his wallet yesterday, which Gillas theorized could link the exploit to a hijacked work computer.

The Bill Murray NFT auction, which was completed on Wednesday, was created to raise money for the Chive Charities initiative. The money was earmarked to support the care of a three-year-old girl named Evelyn, who Resig said is struggling with the effects of a rare CLDN5 gene mutation, along with intractable epilepsy.

While the ETH funds paid by auction winner Brant Boersma were stolen, someone has already stepped up to replace the donation. Resig said the second bidder, who goes by the pseudonym accident72, donated 120 ETH to replace the funds intended for the child’s medical care. If the hacked funds are recovered, they will also be donated to Evelyn’s care.

And hoping to turn a bad situation into an even more positive situation than before, Resig said, The Chive has launched a GoFundMe page to crowdfund additional donations to help Evelyn, with an initial goal of $25,000.