Cyber Incident Victim: NFT Investments Plc

On January 9, 2023, British firm NFT Investments disclosed a cyberattack resulting in the theft of $250,000 worth of assets. The company, which invests in businesses developing non-fungible tokens and is listed on the Aquis Stock Exchange Growth Market, announced the incident via the London Stock Exchange’s Regulatory News Service. NFT Investments identified the breach as a fraudulent phishing attack originating from an unknown external source, discovered on Monday, January 9, though it did not specify the exact mechanism enabling the asset loss. The company activated its incident response plan immediately upon detection and committed to commissioning a third-party investigation to determine the attack’s circumstances. The stolen amount represented less than 1% of the firm’s net assets, which totaled approximately £30 million ($36.6 million) according to unaudited interim results published in September 2022.

The disclosure emphasized that NFT Investments held over £20 million in cash at the time of the breach, alongside reporting a £4.2 million loss for the six months ending June 30, 2022. No further operational disruptions or system compromises were detailed in the announcement. The company stated it would notify stakeholders of any material changes to the situation. This incident occurred amid a broader pattern of cyber thefts targeting cryptocurrency and decentralized finance entities throughout 2022, including a $3 million loss by BIT Mining in December and Wintermute’s $160 million hack in September. While the disclosure did not attribute the attack to any specific threat actor, it contextualized the event within an environment where North Korean-linked groups were actively exploiting crypto platforms, including the $625 million Ronin Network heist in March 2022. NFT Investments provided no additional technical details regarding the phishing methodology, asset recovery efforts, or long-term financial repercussions beyond the initial loss valuation.