On August 31, 2021, an attacker created a phishing website that had a malicious code embedded so when users clicked "connect" and "approve" to mint an NFT it swept everything from the wallet of the would be purchaser. The attacker bridged the stolen funds from Solana sollet bridge to ethereum where the stolen funds worth approximately 1.5 million are currently sitting. The attacker also sold multiple NFTs that were taken from wallets during the execution of the exploit.

On August 31, 2021, the Aurory project was set to go live with their first NFT mint. Minutes prior to launch a malicious attacker create a phishing website and began spamming on multiple social channels that the project was open to mint. I mistakenly did not have a burner wallet set up and I lost everything in my wallet when I clicked mint + approve. Unfortunately this included a high value NFT and solana being swapt from my wallet. The contract exploit evidently was designed to drain the entire wallet when a user approved the transaction. This address is the wallet the scammer used to bridge from solana to ethereum.