The United States Federal Bureau of Investigation (FBI) has sounded the alarm on an escalating cyber threat, cautioning the NFT community against malicious actors. However, these criminals impersonate genuine NFT developers, hijacking or mimicking their social media accounts to defraud victims. This deceitful tactic involves advertising fictitious NFT releases, capitalizing on inducing a sense of urgency through phrases like “limited supply” and marketing the promotions as “surprises” or unanticipated mints.
Widespread scam methods: Spoof websites and account duplication
In detailed descriptions provided by the FBI on August 4, cybercriminals use phishing links, leading victims to counterfeit websites which closely resemble legitimate NFT project platforms. The unsuspecting victims, under the impression that they’re connecting their wallets to a trustworthy platform, are inadvertently linking to “drainer” smart contracts. This results in their funds and NFTs being siphoned off by the criminals. Subsequently, the stolen assets are frequently laundered through various cryptocurrency mixers and exchanges, complicating tracing these stolen goods’ final destination.
A worrying incident brought to light by an X (formerly known as Twitter) user, StockEd, accentuates the gravity of the situation. StockEd detailed how they were swindled out of more than $300,000 worth of NFTs, even without linking their wallet, simply by clicking on a deceptive website that mimicked the LooksRare NFT marketplace.
More alarmingly, this duplicitous site was ranked at the top of Google’s search results, sponsored as a paid ad. The alarming prominence of such deceitful sites underscores a significant challenge yet to be addressed adequately by search engine giants.
Web3 anti-scam entity, Scam Sniffer, revealed another significant breach where an individual lost assets, including Bitcoin, Ether, and PEPE, amounting to $446,000, due to a phishing link. This particular cyber-attack was attributed to a “Pink drainer address”. Adding to the complexity, certain accounts like Avalanche and QwQiao, compromised within a 24-hour window, reportedly propagated two misleading airdrop links.
Essential safety precautions for the NFT community
Given the intricate nature of these cyber threats, the FBI has proactively provided guidelines to assist the NFT community in safeguarding their assets. Central to this advice is the principle of vigilance: always research and validate any unforeseen opportunities, such as surprise NFT drops. The Bureau advises individuals to diligently verify social media accounts promoting such opportunities, looking out for discrepancies in account histories, spelling errors, and other signs that may indicate a fraudulent account. Additionally, for websites requesting wallet connections, it’s paramount to inspect URLs meticulously for any anomalies, ensuring that the site’s legitimacy isn’t compromised.
Furthermore, the FBI urges anyone encountering or falling prey to such schemes to promptly report these incidents to the FBI Internet Crime Complaint Center. By incorporating specific keywords like “NFTHack,” victims can provide invaluable information that aids in addressing this concerning trend in cybercrime.
In light of the aforementioned incidents and warnings, it becomes imperative for members of the NFT and wider crypto community to be consistently cautious and informed, ensuring their hard-earned assets remain secure.