It’s no secret that the cryptocurrency space can be risky, especially regarding the security of non-fungible tokens (NFTs). Recently, a user on the Blur Marketplace fell victim to a phishing scam and lost approximately $239,676, a source on X (formerly Twitter) revealed.
The details are below, as reported by the source.
A user just lost 6 BAYC, 40 Beanz, and 3 elementals by bulk listing them for 1 wei each to a scammer on Blur.See my previous thread on the mechanics: https://t.co/ihWKpshaIT pic.twitter.com/3sLzMES59A
— Quit (@0xQuit) July 3, 2024
The Phishing Scam
According to reports, the heist targeted six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, which were swiped from the user’s digital wallet and listed for one $WEI each on the marketplace. WEI, the smallest denomination of ether, the currency of the Ethereum blockchain, made the listing price essentially zero.
The scam was a sophisticated maneuver that exploited a loophole in Blur’s listing system.
The scammer altered the copyright settings of high-value NFTs on Blur, diverting all proceeds to their address. Leveraging a rule that canceled existing transactions, the illicit activity remained masked.
The breach involved listing NFTs without the owner’s knowledge, effectively bypassing the platform’s safeguards.
Essentially, the scammer tweaked the royalty settings of the NFTs, effectively sidestepping the platform’s policy against private listings. This allowed them to set up a private sale, ensuring that only their address could complete the transaction.
Pink drainer has learned how to hack his way into enabling private sales on Blur.Normally, Blur doesn't offer private listings. Any listing you create is open to be fulfilled by anybody.But lately, Pink has been buying items for 0 eth on Blur. How?1/
— Quit (@0xQuit) June 1, 2023
0xQuit, a Solidity developer and auditor, shared this report, shedding light on the probable tactics used by the scammer. It appears the scam was set up as a bait-and-switch tactic, luring the user in with the promise of a free NFT mint or airdrop event advertised on social platforms. Once the user engaged, they were deceived into signing off on a transaction on a fraudulent website.
You’ll recall that Coinfomania had reported a similar phishing scam earlier in May, where a scammer (PinkDrainer) ‘drained’ the user (tatis.eth) of three BoredApeYachtClub NFTs worth around $145,000.
#PeckShieldAlert ZachXBT has detected that tatis.eth has fallen victim to a phishing attack, resulting in the loss of 3 #BoredApeYachtClub NFTs, specifically #BAYC #7531, #BAYC #6736, & #BAYC #2100. The scammer #PinkDrainer has already sold the stolen #BAYCs for a total of ~48.5… pic.twitter.com/vU0EPndvRM
— PeckShieldAlert (@PeckShieldAlert) May 9, 2024
Keeping Your Funds Safe and Hot Wallets Protected
In the wake of this incident, users are urged to be vigilant when trading or storing digital assets. Basic precautions such as double-checking URLs, being wary of unsolicited communications, and keeping private keys secure can go a long way in preventing such unfortunate incidents.
As the saying goes, “Better safe than sorry.” In the unpredictable world of trading cryptocurrencies, these words are especially relevant.
Here are some crucial tips to remember:
Double-check website URLs: Scrutinize every link before clicking. Malicious actors often create websites with URLs that closely resemble legitimate platforms. A single typo could lead you to a perilous phishing site.
Beware of unsolicited messages: Never click links or download attachments from unknown senders. Phishing scams can also occur through social media and email.
Prioritize wallet security: Utilize strong passwords and enable two-factor authentication (2FA) whenever possible. Refrain from sharing your private keys with anyone.
The post Phishing Scam on Blur Marketplace Costs User Almost $240,000 in NFTs appeared first on Coinfomania.