The Monkey Kingdom hack: a shining example of what to do in a crisis

With interest in NFTs (non-fungible tokens) continuing to grow at an exponential rate, it was hardly surprising to see last week’s malicious hack of Hong Kong-based Monkey Kingdom – one of the hottest NFT properties on the planet right now – generate so many column inches.

As news emerged that Monkey Kingdom’s creators were facing massive financial losses, many wondered what this would mean for the project’s supporters.

After all, a hack of this nature – especially one concerning such a well-known platform – is unprecedented for the sector. Indeed, some within the NFT community predicted that investors would be left high and dry.

Fortunately, this is not what transpired. On the contrary, the team behind Monkey Kingdom went above and beyond to ensure supporters of their project were protected.

As the proud owner of one of these fantastic digital artworks, this was great news for me on a personal level. More importantly, however, I see this as a fascinating test case that serves to emphasise the importance of doing your homework before you invest.

In the face of a crisis, Monkey Kingdom’s creators stepped up, but make no mistake: we may well have seen an altogether different outcome had another, less-reputable project, been compromised.

This is what happened…

If you’re not familiar with NFTs, here are the basics

NFTs, which are built using blockchain technology, offer new ways to invest in the ever-increasing number of virtual environments that are springing up in the metaverse.

These tokens, which are often related to unique pieces of art, provide undisputable proof of ownership for buyers. People are flocking to purchase NFTs and trade them, both as a way of generating short- and long-term income, and to become part of excusive virtual networking clubs.

The Monkey Kingdom platform launched to much fanfare and celebrity endorsement in late November, offering users the chance to buy 2,222 Wukong-inspired digital portraits of the mythical hero, Monkey King.

A sophisticated hacking operation

Last week, Monkey Kingdom suffered a huge setback when hackers succeeded in accessing the project’s Discord chat admin account, stealing approximately $1.3 million from users in the process.

In an announcement posted on 21 December, the project explained: “Since [this] morning, our Discord was flooded with thousands of bots impersonating Monkey Kingdom or Baepes announcements. They DM-ed our users directing them to suspicious websites that require them to connect their wallets…”

Essentially, the hackers went ‘phishing’ – sending out a seemingly legitimate link to users of the Discord chat, just as Monkey Kingdom was launching its new sale. Supporters were duped out of SOL 7,000, the equivalent of nearly $1.3 million.

In the immediate aftermath, Monkey Kingdom disabled its website and all purchase requests were temporarily suspended while the hack was resolved and investigated.

A model response

In my opinion, it is the way the Monkey Kingdom team reacted in the face of this crisis that is truly impressive.

Firstly, the project’s founders were extremely fast in their response to users’ losses.

Secondly, they immediately adopted a community-first approach by pledging to refund every single user who lost out. This response underlines not only their integrity but also the fact that the project is a genuine blue-chip operation, big enough to ride out malicious attacks with aplomb.

Monkey Kingdom then announced its contention that the hack had occurred due to a security issue with Grape, the decentralised social networking platform employed by the project.

Grape, which is widely used and trusted by the NFT community, also announced that an internal security breach had led to issues – including the Monkey Kingdom hack – across its clients’ platforms and assets.

Finally, in addition to refunds for its supporters, Monkey Kingdom set out a raft of new security measures and revealed that it had brought in external expertise to help avoid future hacks.

While this exemplary response certainly makes Monkey Kingdom stand out from the crowd in the NFT, crypto and blockchain spaces, the success of the hackers nevertheless underlines certain vulnerabilities within this nascent sector.

Future security

One ongoing issue connected to blockchain technologies and NFTs is that they can be difficult to monitor and manage, and cybercriminals are seemingly always on the hunt for new exploits.

Since so many NFTs have become high-value, sought-after items, it’s perhaps unsurprising that unscrupulous cybercriminals are preying on the sector. Monkey Kingdom’s hack is just the latest in a long line of planned and intelligent, yet malicious, attacks.

Even so, one point to keep in mind is that the underlying blockchain network is pretty much ‘unhackable’. It comprises a massive number of servers, most of which are not directly connected.

Instead, it is the digital services, platforms and networks that asset owners use to purchase, trade or store crypto assets residing on the blockchain that hackers are interested in.

One way to keep your funds safe is by creating a ‘burner wallet’ – a virtual account with limited funds stored in it. Another tip is to only use original platforms to trade because most require two-factor authentication (i.e., a code sent to your phone) to verify it’s really you before you can make a transaction. Do not use platforms such as Discord or Twitter to trade because they were not built for this purpose.

Moreover, it almost goes without saying that we should all use unique passwords, changed regularly, and ensure our own defences – such as firewalls and virus software – are all completely up to date and regularly scanned.

Lessons learned

Ultimately, the Monkey Kingdom hack and other attacks in this space serve as cautionary tales. We shouldn’t let cybercriminals scare us into not enjoying these opportunities, nor should we become overly wary of using technology for purchases, investments and trading.

Yes, the NFT sector is new and it’s attracting a lot of attention – both good and bad. Its fast-evolving nature means regulators are constantly working to keep pace with the technology.

In my opinion, however, the main threat stems from a lack of understanding among users when it comes to blockchain, cryptocurrencies and NFTs.

If you’re thinking of investing, take the time necessary to get to know the sector and do your own research into how it works. The best defence against losing out to scammers in 2022 is your own knowledge.

On this occasion, the Monkey Kingdom team went the extra mile to ensure users who were defrauded didn’t lose out. But don’t forget, they didn’t have to do this. Individuals targeted by hackers in the future may not be so lucky.