Cyber Incident Victim: Azuki

On January 27, 2023, the official Twitter account of the Azuki NFT project (@AzukiOfficial) was compromised during the morning Pacific Time hours. Attackers posted a series of unauthorized tweets containing a malicious link prompting followers to "claim land" in The Garden, Azuki's native metaverse platform. The breach occurred despite the account being secured with two-factor authentication (2FA) via an authentication app. Azuki's team detected the compromise and swiftly initiated response protocols, including direct contact with Twitter support and public warnings to their community. Community manager Emily Rose alerted followers via Twitter not to engage with suspicious links, while Discord moderators issued parallel warnings. The malicious tweets were deleted by the afternoon of the same day, though the account's bio link remained temporarily compromised, continuing to redirect to a scam site.

Azuki regained full control of the Twitter account on January 27 after collaborating with Twitter’s internal teams to resolve the breach. The project confirmed no other official communication channels (Discord, website) were compromised. Immediate impacts included the dissemination of phishing infrastructure targeting Azuki’s user base, with historical precedent noted—in April 2022, attackers had hijacked the India University Grant Commission’s Twitter account to promote fraudulent Azuki NFT airdrops. The January 2023 incident disrupted standard community communications, requiring coordinated mitigation across social platforms to limit exposure. Secondary market data indicated Azuki NFTs maintained a floor price of 14.76 ETH (~$23,600) at the time, with cumulative sales exceeding $4.4 million since launch. No financial losses or further technical compromises were disclosed in available reports. The team emphasized reliance on multi-channel verification for official announcements while continuing to investigate the Twitter-specific security failure.