As the rapidly growing NFT market continues to attract waves of attention, hackers and scammers see a new frontier in the industry.
Historically, imposters have been attempting to exploit the crypto industry using any security loophole or scamming tool they could get their hands on. More popular cases include fake giveaways impersonating popular figures, crypto investment scams, airdropping tokens as bait, and more.
Now, with the renewed hype around NFTs that has seen investors pouring thousands of dollars into digital arts, hucksters and fraudsters are targeting this market. It is worth mentioning that some of these attempts are so professional that even industry experts are falling victim to them.
More commonly, scammers employ two methods to get into one’s wallet and drain their NFTs and other tokens.
Fake Support Staff
One seemingly working method to exploit users is pretending to be support staff on behalf of the leading NFT marketplace OpenSea. Since there are a number of nuances and issues with NFTs, including several common questions like why an NFT is not showing up in the wallet, this technique can work on many people — noobs in particular.
When users face any issue, they tend to demand help through what is known as the hub of NFT discussions and conversations: Discord. The confused user might simply assert their problem in the OpenSea community, and expect the company’s support team to respond.
However, what happens is a fraudster reaches out to the beleaguered user via a direct message, claiming to be support staff. Then the scammer would attempt to gain control of the user’s wallet in order to withdraw everything from ETH to NFTs.
This issue has happened to Jeff Nicholas, a creative director at Authentic AI. “They transferred everything. All the Apes, the dogs, the cat, the airdrops, all the ETH. They’re in my other account too, so I get in & try to salvage as much as I can, transferring it out to another wallet before it’s all gone. I get a few NFTs, some tokens,” he tweeted.
Assisting With Minting
It can be confusing for a newbie to get his head around the processes of minting and creating an NFT. Official bodies usually announce a specific date and time for when an NFT, or a group of NFTs, would be launched. When that time arrives, the website displays a “mint” button, where users should click to mint their NFT.
However, at times of high network congestion, which usually happens when a popular set of NFTs is slated to be launched, things get quite confusing. Users gather in the Discord to discuss the situation, where scammers try to take advantage.
A scammer with an official-looking account might announce that the mint has gone wrong and for obtaining an NFT, users should send tokens to a settled wallet address. Scammers might also post links to fake websites, trying to trick users into spending money on fake NFTs.
This method has even worked on Chase Devans, a research analyst at a leading crypto research firm Messari. “I’ve gotten rekt before. Shitcoins, May 19th cascades, you name it. This one hurts differently though. Had been refining my craft and building up a solid stack on SOL based on fundamentals. All gone in an instant, poof,” he tweeted.