NFT scams never miss out on making news headlines constantly.
What is it to earn tens of millions of dollars from an asset that gives you the accredit through a digital certificate? Welcome to the delightful world of Non-fungible tokens where the user can be the owner of anything from arts to land in the digital space.
As with the case of any industry, the popularity of the space also makes it the target for attackers to wipe handsome profits by unauthorised means. Let’s discuss one such evergreen way most sought by hackers to loot funds.
Guess what? They are the phishing attacks through which fraudsters can draw a fair number of users into losing money. Go on to learn how to avoid getting caught in the trap net. Let’s begin!
What Are NFT Phishing Scam And Their Types?
Phishing is an incredibly popular technique to grab all sensitive user data. The details may include login information, passwords to accessing funds/seed phrases etc. Phishing links are circulated through emails, texts or websites impersonating the information from an official entity.
As many individuals don’t introspect the details asked, they are easily tricked into giving out their private information. Hence this escalates the success rate of phishing attacks to the rim.
Speaking of its types, NFT phishing attacks range from sending emails to employing advanced methods such as spear phishing.
In classic email phishing, the attacker imitates an authorised entity, tailors a mail, and sends them to users randomly. Thus the reader believes the mail has come from an official source, and that’s the end of the story. More in detail about this hack is given below.
While spear phishing hacks are more organised, aiming at a specific group such as the company’s system admin. Apart from this, vishing is a type of hack that is accomplished through voice calls.
How Do NFT Phishing Scams Take Place?
Recently, social media sites have grown drastically, with users turning to the space for any NFT updates and launches. That also serves as the hub for attackers to get their hands on stealing away assets by phishing scams.
Let’s explore the different mediums and how to detect phishing attacks performed on them.
Phishing via email
Often emails despise an NFT artist or project developer with a link attached to NFT drops, giveaways, and scamming the users. After clicking on that, these link direct to an NFT phishing site asking for bank account details, private key and other login info, which mostly are unnecessary to access the NFT drops.
Another way is sending an email notification from marketplaces saying that NFT posted for sale is bid by a buyer provided with a link to log in and see the status. The hacker steals the data while filling out the login information asked in the link.
Therefore, before clicking on links, the user should stay aware of the NFT security and always log in through the official marketplace site.
Phishing on Discord
Discord has set prominent grounds for crypto and NFT enthusiasts to connect with the community they wish. That sends an alarm to scammers as well to turn that to their advantage.
Hackers gain access and find a way to enter the Discord servers and post fake giveaway links to convince users to acquire them by filling out personal data.
Users must be aware of the NFT security best practices and know that the NFT giveaway doesn’t require private keys or seed phrases to be entered.
Phishing on Instagram
The creators and project developers commonly use Instagram pages to launch projects and share development upgrades with their fans. On the downside, hackers are mimicking the accounts of renowned artists and posting fake announcements.
The users believing them and investing in the projects certainly lose their funds. Once the user details are in the hacker’s grasp, it is already too late for the victim to find a way back.
Phishing on Twitter
NFT phishing attacks on Twitter operate in the same fashion as that on Instagram. There are also instances where the official account of big shots is hacked, and fake links are posted on their page.
The followers unknowingly proceed to purchase in the compromised accounts, thereby draining their wallets.
5 Most Infamous Phishing Attacks On NFTs In 2022
The world’s largest NFT marketplace, OpenSea, faced a phishing hack losing $1.7 million worth of Ether early this year. Learn more on the OpenSea NFT phishing hack below.
How did the hack take place?
Phishing links were sent to OpensSea users asking them to migrate NFTs into the OpenSea account. The contract had the attacker’s address and call data, which the phished user signed. This approved the transaction of the tokens into malicious contracts emptying the assets from the victim’s wallet.
In April 2022, hackers breached BAYC’s official Instagram page and circulated fake airdrop links, resulting in more than a $40 million loss.
How did the hack take place?
The hackers somehow gained entry into the official BAYC account with a fake airdrop link. The NFT enthusiasts gave in their metamask details that drained the ape NFTs from wallets.
Beeple Phishing hack
The artist behind the most expensive Everyday’s NFT artwork has a history of NFT phishing attacks leading to a $438,000 loss.
How did the hack take place?
After impersonating the artist Beeple’s Twitter account, the link for a fake NFT collection is shared with his followers. The link then drained crypto and NFT from the user’s wallets.
Seth Green Phishing link hack
American actor Seth green lost his NFT collection worth more than $60k because of a privacy breach in his account.
Deekay Kwon’s Phishing Link hack
DeeKay Kwon’s hack followed a similar phishing attack pattern as Beeple. By posting a phishing link on the DeeKay account, the hacker managed to make $150,000 from multiple victims.
Preventive Measures For NFT Security Issues
The surging NFT phishing scams call for awakening protection to assets. There are tips people can have in mind to protect them from being victims of the most lucrative thefts.
- Refrain from opening links shared on emails and social media platforms. Always reach out to the official platform to confirm the giveaways or the updates.
- Maintain separate email accounts for each of the NFT marketplaces so that your details are not focussed on one single place
- Although it is convenient to opt for gasless executions offline, considering the NFT security, you don’t allow blind signatures as it may lead to a security breach.
- If you’re allowing off-chain signatures, pay keen attention to approving token permissions.
- Be selective in choosing the platform where you want to invest. Always go for NFT marketplaces that have more concern for security.
How QuillAudits Due Diligence Service Help You Secure Your NFTs?
QuillAudits works exceptionally in offering imperative services to shield the crypto and NFT investors from the brim of hacks. On that note, NFT Due Diligence services direct one to securely deal with the assets they wish to invest.
Now shining some light on some of the salient features under the NFT Due Diligence service offered here.
- Protection against NFT counterfeiting
- Help with solving issues in the code
- Guide to securely mint NFTs
- Analyse the smart contract code to ensure the accessibility of digital assets.
How do I know NFT is a scam?
Always make it a point to visit the official website for purchasing any NFTs. Also, double-check the creator details and pricing specifications to avoid scams and buy legit ones.
How NFT phishing works?
Phishing means sending links to fetch the user’s personal information illicitly. Read the blog for more details.
What are the ways by which NFT can be stolen?
NFTs are stolen by giving the details such as seed phrases or clicking on malicious links. Without your private information, the hacker cannot access your NFTs.
What to do if I buy a stolen token?
You can immediately connect with the exchange from where you bought the NFT and explain the situation to them, providing the token ID and URL.