The founder of a DeFi venture capital fund just had $1.7 million worth of NFTs stolen from his personal wallet

March 22, 2022, 6:56 PM UTC

Even those well-versed and experienced in the crypto space aren’t safe from scams and hacks.

Arthur Cheong, founder of DeFiance Capital, a venture capital fund focused on the decentralized finance (DeFi) space, just had over $1.7 million worth of non-fungible tokens (NFTs) stolen from his crypto wallet on Tuesday.

“Well, this hit me hard but if I got exploited as a fairly sophisticated 5 years crypto user (DeFi user, password manager, mostly hardware wallet), I’m not sure how I can persuade most normal people to put a substantial part of their net worth on chain anymore,” Cheong wrote in a tweet that has since been deleted.

Cheong’s crypto wallet that was targeted was a “hot” wallet, or one connected to the internet, rather than a “cold” or hardware wallet. “Cold” wallets are deemed to be a safer option, as they can be stored offline. While no option is completely safe, for this reason hardware wallets are recommended as a better bet for holding crypto assets.

Security firm PeckShield estimates that each NFT that was stolen belonged to a popular or expensive collection, including five CloneX, 17 Azuki, two Tsubasa, two Hedgies, and 33 Second Self NFTs. 

Cheong said on Twitter the “likely root cause” for the exploit is a “spear-phishing email” he received recently. The email appeared to be from one of DeFiance Capital’s portfolio companies, which is why Cheong clicked. But upon opening the file shared in the email, the hacker was able to get his seed phrase, or password, and obtain access to his crypto wallet. 

“Was being careless on this one since it comes from 2 seemingly legitimate sources,” Cheong tweeted.

DeFiance Capital mainly invests in DeFi and Web3 gaming platforms. Its portfolio consists of some pretty big names in the space, according to its website. This includes the popular DeFi protocol Aave, which allows users to earn interest by lending and borrowing crypto; well-known gaming platform Axie Infinity; and Ethereum software company ConsenSys.

This type of hack is not uncommon, but Cheong tweeted that he “didn’t expect this to happen to me.”

When reached by Fortune, Cheong declined to comment, saying it’s “not the best time now.”

Never miss a story: Follow your favorite topics and authors to get a personalized email with the journalism that matters most to you.