Cyber Incident Victim: Ferrari
Date:
May 2022
Location:
Italy
Summary
A Ferrari subdomain was hijacked to host a fraudulent NFT collection scam impersonating the company's legitimate digital product plans. Attackers exploited an Adobe Experience Manager vulnerability to compromise the subdomain, promoting a fake "Mint your Ferrari" scheme that collected approximately $800 via an Ethereum wallet flagged for suspicious activity. The scam leveraged the carmaker's prior announcement of NFT collaborations to appear credible, enticing visitors with false claims about token exclusivity before the subdomain was disabled. This incident highlights emerging risks of cryptocurrency fraud targeting high-profile brands through compromised web infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 5, 2023, ethical hacker Sam Curry identified that Ferrari's subdomain forms.ferrari.com had been compromised to host a fraudulent Non-Fungible Token (NFT) promotion. The scam falsely advertised a "Mint your Ferrari" NFT collection, claiming Ferrari had launched 4,458 digital tokens on the Ethereum network. This deception exploited Ferrari's legitimate October 2021 announcement of planned NFT products developed with technology partner Velas. Attackers manipulated the subdomain to display counterfeit branding and transaction interfaces, directing victims to send cryptocurrency to Ethereum wallet address 0xD88e1C6EC0a2479258A6d2aB59D9Ae5F2874bC44. Blockchain analysis by Twitter user root@rebcesp revealed the wallet accumulated approximately $800 before Ferrari disabled the subdomain.
Technical investigation determined attackers breached the subdomain by exploiting a vulnerability in Adobe Experience Manager, Ferrari's content management system. The compromised site remained active for an unspecified duration before detection, displaying remnants of legitimate content alongside fraudulent NFT claims. Ferrari responded by taking the subdomain offline, resulting in HTTP 403 errors for subsequent access attempts. Etherscan later flagged the associated wallet address for suspicious activity. The incident occurred amid rising NFT-related fraud, leveraging public interest in high-profile NFT sales like Beeple's $69 million Christie's auction. No official statement from Ferrari regarding remediation measures or impact assessment was documented at the time of reporting.