The cryptocurrency industry has been plagued by opportunistic scammers, from those who run Twitter giveaways to those who airdrop tokens as bait and steal all your tokens if you try to move them.
Now, with NFTs selling like proverbial hotcakes (and numbers), scammers have changed their tactics to take advantage of this growing market – and their efforts seem to be working.
There are two main ways they get access to a person’s wallet and any tokens held in it.
Pretending to provide support services
A key strategy is to pretend to provide support services on behalf of OpenSea, an NFT marketplace.
This technique is effective because NFTs come with many problems, from checking whether a collection is official, to NFTs not showing up in wallets or sometimes showing incorrect properties. These types of issues require help, so confused buyers turn to NFT issuers or the marketplaces they deal with for support.
Often, NFT buyers seek help on the messaging platform Discord, which has grown into a hub of NFT activity and conversation.
Here’s the problem: it’s easy for someone to set up an account called “OpenSea Support” or something similar and hang out in one of these chat groups. When someone mentions their problem, the fake support service will contact them with a direct message offering help.
A fairly effective tactic involves the in-browser wallet MetaMask. Scammers will invite users to share their screens and direct them to a section of the wallet that is designed to sync the wallet across different devices. By doing this, the scammers can set up the wallet on their own device and gain full access to the user’s funds.
As this became a big issue, MetaMask has temporarily disabled this feature.
This exact issue happened to Jeff Nicholas, who is the creative director of Authentic AI. In a tweet, he described how he went to the OpenSea Discord for support and ended up being cajoled into DMing by a scammer who went by the name “OpenSea.” He ended up showing the QR code that allowed the account to be transferred to another device before he started noticing his wallet being emptied.
“They transferred everything. All the apes, dogs, cats, airdrops, all the ETH,” he tweeted. “They were also in my other account, so I went in and tried to salvage as much as I could and move it to another wallet before it was all gone. I get some NFT, some tokens.”
While this part of the attack may no longer apply to MetaMask, the key thing to note is that the supposed support account in Discord may be fake – they will use any trick in the book to steal your funds.
Exploiting the confusion of NFT mints
The scammers are not only targeting NFTs in general, but also focusing on mints in particular – realizing that this is the perfect time to catch people off guard.
When an NFT collection launches, there is a date and time that is publicly announced in advance. At this time, the site will offer a “mint” button where anyone can pay to mint from a collection of, say, 10,000 NFTs. If the mint is in high demand, it can sell out in minutes, if not seconds. This can make for an incredibly stressful moment, especially when the mint doesn’t go exactly as planned, which often happens. It can also lead to a lot of confusion – which is when scammers take advantage.
Prior to minting, potential NFT buyers will be looking for mint locations and key details (best found in the FAQ). During this time, if there are any questions, they will be looking for answers and solutions. They will usually sit in the main general chat on the relevant Discord channel.
One method is to pretend to offer minting services. The scammers will say that there is a problem with the mint and that the only way to get the NFT is to send cryptocurrency to the wallet address they provide.
Another method is for the scammers to post fake links and hope that people won’t notice. One tactic is to post a link to a website that claims to be where the airdrop will take place. It will look similar to the official site, but it will likely drain all the NFTs from visitors’ wallets.
This particular tactic caught Messari research analyst Chase Devans, who used a link that a friend had seen on Discord and passed on to him. When he tried to mint an NFT on that site, it took $15,000 of solana (SOL) and all of his NFTs from his wallet.
He tweeted: “I’ve been scammed before. Dogshitcoin, May 19 chain reaction, you name it. But this time the damage is different. I’ve been perfecting my craft and building a solid SOL stack based on the fundamentals. All of that went away in an instant, poof.”
Such a strategy worked very well with yesterday’s NFT mint from the Solana-based project Aurory. One wallet ended up with $1.5 million and 350 NFTs, some of which have since been frozen. The scammer ended up making even more money than the NFT issuer due to an error in the minting contract where the NFT was sold for 1 SOL instead of 5 SOL.
A related aspect here is that the popular Solana wallet Phantom has an auto-approval feature that will approve any transaction from an approved site (designed to make it faster to mint coins). But this could allow such a site to get all sorts of other transactions approved as well, potentially putting your NFTs at risk. Phantom says it is removing this feature.
The main advice here is to check that you are using the official links, which can usually be found in the project’s FAQ channel – and not to use any of the links provided in the public channel. It’s also recommended to create a separate wallet for each mint so you don’t lose more than what’s in that wallet.
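The link check advised above can be made mechanical. The following is an added example, not code from any wallet or project mentioned in this article: it accepts a link only if its host exactly matches a list copied by hand from the project's FAQ channel, and all hostnames in it are constructed placeholders.

```javascript
// Added example. All hostnames are constructed placeholders; OFFICIAL_HOSTS
// stands for the hostnames copied by hand from the project's FAQ channel.
const OFFICIAL_HOSTS = new Set(["mint.project.example"]);

// Decide whether a link seen in chat points at an official host.
// Returns { ok: boolean, reason: string }.
function checkMintLink(link, officialHosts = OFFICIAL_HOSTS) {
  let url;
  try {
    url = new URL(String(link).trim());
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // In "https://mint.project.example@other.example/" the part before "@"
  // is a username; the browser connects to other.example.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo in URL" };
  }
  // The URL parser lowercases the host; drop a trailing root dot as well.
  const host = url.hostname.replace(/\.$/, "");
  // Look-alike Unicode letters are serialized as "xn--" (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host" };
  }
  // Exact match only: a suffix or substring test would accept
  // "mint.project.example.other.example".
  if (!officialHosts.has(host)) {
    return { ok: false, reason: "host not in official list" };
  }
  return { ok: true, reason: "official host" };
}

// Constructed sample links, as they might appear in a public channel.
const samples = [
  "https://mint.project.example/mint",
  "https://mint.project.example.other.example/mint",
  "https://mint.project.example@other.example/mint",
  "https://mint.pr\u043eject.example/mint", // Cyrillic "о" in place of Latin "o"
  "http://mint.project.example/mint",
];
for (const s of samples) {
  const { ok, reason } = checkMintLink(s);
  console.log(ok ? "OK  " : "STOP", reason.padEnd(26), s);
}
```

A passing check only says the link points at a listed host; it says nothing about what a transaction on that site will do, so the separate-wallet advice still applies.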