With the NFT market being worth more than $10 billion, it has definitely gained the attention of a lot of people. From NFTs being talked about on the news, to celebrities, public figures and giant companies supporting or even starting NFT projects, it would make sense why hackers and malicious actors have decided to exploit the weaknesses in the system. And in this post, I would like to talk about some ways people have exploited these weaknesses in the system.
Before I start, you should know how NFTs or Non Fungible Tokens work, and since there is a lot that goes on with NFTs, I can not explain everything so I would direct you to this link: Click here
OpenSea email Scam
For this attack, unsuspecting users receive an email claiming to be from OpenSea, and if they were to click the link it would lead them to a fraudulent website, and ask them to connect their wallet, it would then ask them sign the “Approve All” transaction, which would then let the attacker initiate transactions from their wallet. With that, they are then able to sell the NFTs in the victims’ wallet to themselves for 0 ETH, or way lower than what they are worth.
According to OpenSea, 17 users fell victim to this attack, and the attacker made stole numerous “valuable” assets such as: 3 Bored Ape Yacht Club, 2 Clonex, 17 Azuki, and 631 ETH. Everything is estimated to cost at least $1.7 million
Phishing attacks are the most common types of attacks used for stealing NFTs.
LandMine NFTs
@opensea One of me wallets was hacked wtf man pic.twitter.com/BbZ4FKtr6h
— Waka Flocka (WakaFlocka.eth) (@WakaFlocka) December 28, 2021
This is also another method hackers have used to drain peoples wallets, by airdropping an NFT into a persons wallet, and if they choose to sell the NFT or transfer it, the NFT drains the victim’s wallet.
The way this works is that initially, the smart contract of the malicious NFT is a wallet draining contract, but it would not have permissions to do anything until the user interacts with it. But once the user interacts with it, then it is going to have the permissions to interact with the users wallet, and then draining it.
If you receive an airdropped NFT that you do not trust, NFT traders advice that you just hide it, where it is still in the wallet, but it is not on your main page.
Conclusion
As you can see from the methods used above, even if you are using a “Web3” platform, you can still fall victim to different cyberattacks, and the ways to protect yourself from such attacks are similar to the “Old internet” solutions such as:
- Do not click on suspicious links
- Only give permissions to systems that you trust
- If you do not trust something, test it in an isolated environment, in this case a “burner wallet”
- If something feels too good to be true, then it probably is.
Sources:
It’s entertaining how so much money was stolen through phishing, an old attack method that one would assume tech savvy people, such as nft users, wouldn’t fall victim to. However, the concept of landmine nfts are definitely new and sound like a design hindsight. I hope openseas is working their best on removing such malicious nfts. I enjoyed this article!
Interesting topic! Day by day its getting worse in the NFT platforms a lot of faking and stealing going on. OpenSea has risen at a breakneck speed, with a market capitalization of $20 billion. However, several artists claim that, despite its meteoric ascent, the firm is doing much too little to prevent the trade in fake NFTs, and that it is putting far too much of the duty of regulating art fraud on the artists themselves.
Interesting read! With advancements in technology there also comes increased risks and those landmine NFTs are definitely something people should be made more aware of. It seems impossible for an airdropped photo to be capable of draining your wallet, yet here it is. Apart from phishing, landmine NFTs are something that Opensea should address and inform its users on.
Good read! NFTs are half uncharted territory in this sense, because of how new and complex it is, so I’m not surprised that people would fall victim to such a method. However, hopefully this teaches people about being more aware and careful when dealing with them.
Once again we are shown that NFTs and Blockchain security does not matter if the people aren’t privy to these scams and gaps in their own security. The airdrop method was interesting to read about. As we transition into Blockchain transactions, it will be interesting to see the race between hackers/exploiters and the developers of the systems.
Definitely a bit of a hole in the supposed security of things owned via Blockchain, as no matter how secure they are, there is always the human element. Personally, I find it hard to feel sorry that the same people who spend that much on a picture of a monkey and then brag about it excessively are getting scammed out of their apes, but at the same time it does showcase the need to educate people on some of the basics of internet scams so that they don’t fall prey to them and lose upwards of a million dollars. Hopefully OpenSea takes the initiative on this and makes a good name for Blockchain, as it is a useful tool often being used by fools and having a bad name made for itself.
This is very interesting scammers are getting smarter day by day. All they had to , is to use their old friend “phishing”. In first world countries like Canada, people are somewhat aware of phishing and no the ways they should adapt so that they do not fall a victim to such tricks. However, people with little knowledge about technology or someone who has not heard of phishing scams, they cam easily get pawned. Phishing has now advanced to another level now. Even the websites and links look so real, that an educated person will not understand that a url is fake. I think all digital wallets should have some 2 factor authentication, so that even if the scammers want to access your wallet, they can not. However, I understand it is easier to say than implement.
Interesting post. With NFTs becoming so popular, I feel that it was inevitable for hackers to start going after them. These methods for stealing NFTs were very interesting to read about. Especially the airdrop method, I had no clue that airdrop could be used in such a way. Since NFTs are getting so popular, there needs to be increased security precautions against NFT thefts and hacks, especially since they are so expensive. Some of these bored apes for example, can go for millions of dollars.
With not being involved at all in the world of NFTs, this news makes me worried for anyone who is. This feels like the natural evolution of the types of attacks we see all the time of a file being sent by an unknown party that secretly has malware in it, but people are more likely to fall for these since NFTs are such a recent development and people aren’t expecting to have attacks come from them quite so soon. Good post, I have become much more aware of some of the dangers of the NFT world
Great post. I don’t know much about the NFT but they seem to be the hype. Clearly, when there is demand, there will always be people who will steal from others to fulfill the demand. Also, since NFT is such a new concept, people are still learning the dangers of cryptocurrency and how easy it is to gain access to private information. I think many companies that work with NFT should invest time and energy into informing users of the common scams that people find themselves in. I believe that this would go a long way. I have a question for you. Do you think there are services that can provide detailed information on how one can protect themselves when working with NFT?
Hi,
This was an interesting topic. It was surprising how people fall for the easiest scamming trick. Seing NFT’s becoming so worldwide these days makes me want to get involved so this really was a good information for me to adapt. What surprised me the most while reading the article was airdrop method. I usually have them off so it’s a good thing but I never expected airdrop could be used as a hacking method!
It seems the gold rush of technological assets like NFTs and crypto has made users more susceptible to these sorts of scams. Often times the appeal of “getting rich quick” fuels an innate human greed, making people blind to the risks involved. This is even more true for a younger generation who has grown up trusting the internet.
The post tells that NFT with high market value has received public attention. Hackers use the weakness of this system to attack and consume the victim’s wallet. Malicious attackers will obtain users’ transaction approval and steal their assets through email fraud. Since the transaction can only be executed after the user’s approval, that is to say, if the user does not approve, the attack can be prevented. Never trust these suspicious links, and don’t try to open them. In order to protect the security of our assets, we should use NFT carefully to avoid becoming the victim of network attack.
Great post! When new technology comes out, there will always be people who trying to take advantage of this new and yet unexplored technology. As NFTs generate hype and money, it will also attract scammers with malicious intention. As Arjun said in the comment, it is quite ironic to see such an old scam technique was very successful at stealing so much money from tech savvy people like nft users. Also, it is disappointing to see Opensea is not doing enough to protect their users. They should take initiative to inform and educate its users. Such scam not only affects its users but also it can be detrimental to company’s reputation.
Though I’m not too well informed on NFTs, It’s foolish to hear that people still fall victim to these phishing schemes. NFTs are a digital asset, so just as every valuable piece of information that is stored digitally, they should be treated the same way: with the utmost security criteria. I think it is imperative that effective security measures following appropriate identification, authentication and authorization must be implemented to high-value assets. People’s assets should be held to the same security equivalence as banking institutions because such lofty amounts of money are on the line. Overall, NFTs are a new digital asset that people aren’t very familiar with. Therefore, OpenSeas should be accountable for informing their audiences about protecting their private information and preventing these kinds of attacks.
Thanks for the informative post. It is crazy to see the amount of monetary value that is passed around with crypto, especially with transactions involving purchasing and selling NFTs. I do not really see how this is the fault of OpenSea as some other people are expressing in the comments, however. With a phishing attack like this, although tragic, it is unfortunately the responsibility of the user to make sure whatever links they are interacting with are a valid source. As mentioned, a good course of action is to use a “burner wallet” or multiple wallets to redistribute your portfolio to mitigate the consequences of something like this happening.
NFT’s are a super interesting technology that really helps digital artists provide digital ownership of their work. However, like all things with monetizable value, this leads way to scam artists & short-sighted actors to flood the space looking to make a quick buck. Since many still don’t know about NFT’s these types of scams tend to fly under the radar and will provide a bad impression looking for anyone to get into the space. It’s unfortunate that many people overlook the technology itself and dumb it down to “being able to sell JPEG’s” to everyone else.
Airdropping NFTs and draining the wallets! Well the term ‘phishing’ is actually going to the next level. Once again I think that the steps that have been mentioned about how to not actually accept unknown links about NFTs definitely need to be carried out. And also the user needs to stay alert as trading NFTs is actually being so popular corresponding to the money it generates, hackers will obviously try coming up with more vulnerable methods to of stealing data.
Another trend involving the general public and lots of money leading to people losing their life savings and crying over it on Twitter? I’ve seen this one before! *cough* crypto bubble *cough*.
In all seriousness, its interesting to see how the blockchain and NFT system is being used as a vector for malware, that wallet drain contract is especially interesting to me as I didn’t really see that one coming at least with my rudimentary understanding of blockchain. Its always nice to see the old internet gospel coming back to help protect the unwise from getting every dollar stolen out of their bank accounts, but as long as someone with wallets bigger than brains falls for one of these traps, we can only expect them to get more elaborate over time.
Thanks for the post, was a very interesting read!
Another trend involving the general public and lots of money leading to people losing their life savings and crying over it on Twitter? I’ve seen this one before! *cough* crypto bubble *cough*.
In all seriousness, its interesting to see how the blockchain and NFT system is being used as a vector for malware, that wallet drain contract is especially interesting to me as I didn’t really see that one coming at least with my rudimentary understanding of blockchain. Its always nice to see the old internet gospel coming back to help protect the unwise from getting every dollar stolen out of their bank accounts, but as long as someone with wallets bigger than brains falls for one of these traps, we can only expect them to get more elaborate over time.
Thanks for the post, was a very interesting read!
I knew phishing was used to scam/hack people to get into their crypto wallets and NFT wallets but have never heard of airdrop NFT’s where if you interact with it it can drain your whole wallet! That just seems crazy to me! Since NFT’s have gained so much popularity, I feel like there are a lot of people who are not educated fully on topics like this (or cyber-safety in general) and make for easy bait for hackers.
Hey, that was an excellent post. Because NFTs have become so popular, I believe it was only a matter of time before hackers began targeting them. It was fascinating to learn about these strategies for stealing NFTs. A surprising amount of money has been taken as a result of phishing attacks. People who have a limited knowledge of computers or have never heard of phishing scams are at risk of being hacked. Phishing has now reached a new level of sophistication. Even the websites and links appear to be authentic, and even a knowledgeable person would have difficulty determining whether or not a URL is fake. Landmine nfts, on the other hand, are a completely new notion that appears to be a design defect.
While decentralized assets have many benefits, they do lack one thing; the security that comes with decentralization. While not at all perfect itself, centralized security brings the force of the government and large entities, and more importantly, more people in those organizations are familiar and knowledgeable with the protocols to protect centralized assets. Crypto, blockchains, and digital wallets are all relatively new, so when something does happen, it is often the case that nothing can be done about, the authorities probably know less about it than you do. Thank you for the post and attached videos.
This was a really good topic to write about! In the online world, there is no question that there will always be frauds. Whether its about draining someones wallet online or scamming or misrepresentation, all are pretty normal occurrences. Since thats a given, the innocent users can only protect themselves from being victims by being more cautious. By increasing security everywhere on the internet and keeping less private information on the internet, chances of being threatened would be reduced significantly. I personally am not interested in NFTs but I do see a lot of rappers nowadays have their own NFTs. Even “Waka Flocka” who is a rapper, also got his wallet hacked. This is really unfortunate but all people can do is just protect themselves and be aware of clicking on the wrong links or getting into any suspicious sites.
All in all, this was a really informative post.
This was a really good topic to write about! In the online world, there is no question that there will always be frauds. Whether its about draining someones wallet online or scamming or misrepresentation, all are pretty normal occurrences. Since thats a given, the innocent users can only protect themselves from being victims by being more cautious. By increasing security everywhere on the internet and keeping less private information on the internet, chances of being threatened would be reduced significantly. I personally am not interested in NFTs but I do see a lot of rappers nowadays have their own NFTs. Even “Waka Flocka” who is a rapper, also got his wallet hacked. This is really unfortunate but all people can do is just protect themselves and be aware of clicking on the wrong links or getting into any suspicious sites.
NFT’s are such a weird thing for me. I have seen people react to NFT scams, similar to this one, by saying things such as the victims deserve it for spending so much money on a jpeg. Its just such a weird concept where even though the victims of these scams are being stolen from, that people turn on them just because of the bad reputation NFTs have gotten. But I guess it is only natural for bad actors to target these people since there is so much money involved in that community and it is a very modern type of art heist. great post!
Whenever I hear about NFTs nowadays, I get suspicious since the whole concept of NFTs has gotten a negative reputation in recent months and for valid reasons. People term the whole idea of buying and selling NFTs as a Ponzi scheme and from certain angles, it does seem like it.
But regardless of the business model of NFTs, the security surrounding them does not seem so promising if so much can be lost via phishing attacks. Seeing how security is still weak when we’re dealing with web3 is concerning. And having your valuable digital assets stolen on the blockchain is no joke. The fact that you can have your NFTs be compromised just by interacting with another air dropped NFT which you probably have no clue of is scary. I mean, from the screenshot I can see that big-name celebrities like Waka Flocka lost his NFTs from his OpenSea wallet, so anyone can be a victim. Companies like OpenSea needs to improve their security protocols and people in this day and age should not be falling for phishing emails, especially those who are smart enough to be interacting with blockchain technology and web3 platforms.
This is the reason why I’ve never wanted to get involved with NFTs. For me, buying NFTs is similar to buying a house but random people can still freely go inside. It increases art theft and is also bad for the environment. And now, those people even after paying thousands of dollars, still have to face with potential for fraud and scammers. That’s why I think NFTs are extremely risky assets. Thanks for a great post!
Interesting read that once again shows that the biggest threat online is to trust untrustworthy messages or people. The amount of spam-emails that look like emails from well-known websites or companies I receive in a week is impressive, and some of them are really convincing. It is important to be aware that most threats really do come from phishing attacks and everyone should always be cautious when trusting people online.
Especially the hype with NFTs and Cryptocurrencies has led to a spike in such attacks, as it can all be handled anonymously and once something got transferred, it is pretty much impossible to ever retrieve it again.
Thanks for sharing this, a friend of mine was talking about NFT’s and I never understood what was it until now, these days people can clone emails and send them back to you making it look like an email from a certain company and we should be careful on that, well sometimes it might be unable to suspect them because they send an email through a company that you trust so you got no doubt on it.
Although NFTs have gained immense popularity in recent months, it is evident that NFTs are not risk-averse, as one might initially assume. NFT are at a high-risk of scams, many of which are perpetrated by malicious actors who may impersonate well-known creators and sell fake certificates of ownership. Evidently, the most serious NFT vulnerabilities can be attributed to NFT trading. The issue is that artists will not even know that their work is being sold without their consent. In other cases, NFTs purchased by individual art lovers may become inaccessible. For example, when a user purchases an NFT, they get a reference to the file where the artwork is stored, but this artwork is not logged into the blockchain. Instead, it can be stored anywhere. NFT platforms can decide to close their windows whenever they please, and consequently, a user cannot display his file, although it still exists. In my opinion, NFTs are extremely vulnerable and prone to malicious cyber attacks, and thus, I am intent on staying away from them until security is increased, and the industry environment, becomes more regulated for NFT users.
Very Intriguing posts! With this much popularity of NFTs, it is definitely very vulnerable to frauds. Using the “old internet” solutions as you mentioned, is definitely the most important thing to protect ourselves.
It sucks to see new comers to the NFT market who have no idea what they are buying and selling and dive in head over heels because of FOMO. Websites like OpenSea should have some course material or background information that users are required to read/pass in order to use their platform, this could cover things like phishy emails and other best practices.
Great Article!
I’m surprised that people who owned such valuable NFTs fell for a simple phishing attack. You would think someone who owns such a valuable digital resource would be more informed about cybersecurity and would examine all the URLs carefully before authorizing an transaction. I will admit that the screenshot of the email you provided was very convincing, probably the most legitimate looking phishing email I’ve seen. However, as email users, we must assume that attackers are able to perfectly replicate the appearance of a legitimate email. That is why it’s so important to double check the email address it came from, and if you’re suspicious or just not sure, reach out to an outlet of the company and ask.
It was a good read! Because NFTs are new and sophisticated, they are half-uncharted terrain in this regard, therefore I’m not shocked if individuals fall prey to them. However, it is hoped that this would teach people to be more observant and cautious while interacting with them. Unfortunately, many people miss the technology and reduce it to “being able to sell JPEGs” to the rest of the world.
Nice Post! That`s great that NFTs are securely recorded on a blockchain — the same technology behind cryptocurrencies — which ensures the asset is one-of-a-kind. The technology can also make it difficult to alter or counterfeit NFTs. To get a handle on NFTs, it’s helpful to get familiar with the economic concept of fungibility.
Wow! I had heard of the OpenSea email scam before, but I didn’t know that attackers would be able to initiate transactions from another wallet simply by having the owner sign an “approve all” transaction. I’m certainly going to be more careful what I sign when transferring ETH moving forward! Also, I had no idea that LandMine NFTs existed. I think that it’s super interesting (though terrifying as well) that malicious NFT can acquire permissions to interact with the user’s wallet, simply by having them interact with it upon being airdropped.
Awesome Post.
just goes to show that these hackers are getting more intelligent each and every day. They have certain strategies to make victims fall for their realistic traps such as the fake email from OpenSea or airdropping an NFT into a person’s wallet. like you mentioned, if something feels too good to be true, then it most likely is.
Good post. With NFTs being, by their nature, high risk and high reward money grab for everybody there would be people who would try to exploit the lucrative opportunities in exploiting people’s emotions and lack of awareness for what they are getting into. At the end of the day, and what many other individuals have noted, the ‘person’ still remains the weak link despite efforts to deflect and resolve these problems posed by these hackers. From what this article shows, and the many other cases surrounding NFTs, these NFTs appear to carry too much risk that makes one’s potential fortune less desirable to try and gain. What anyone is working for can easily fall apart by airdropping an NFT or phishing. The best course of action is simply to stay clear of NFTs and invest in safer options.
Great post! I can’t help but feel some satisfaction at seeing NFTs get stolen (even though it is unethical)! It’s funny to me how, despite being decentralized, NFTs are commonly traded on a very centralized platform (OpenSeas) which provides a very easy target for phishing attacks. It was interesting learning about the wallet-draining NFTs, that’s a pretty devious strategy from the attackers, and really goes to show how careful you have to be online, whether in traditional web spaces or in Web3.
Nice post! It seems that no matter what platform phishing attacks will always one of the most succesful types of attacks. The wallet-draining attack is interesting as a concept as it relies on the users to interact with the NFT. I would think that this type of attack would not work as well because I am suspicious of any new or unknown links and objects online and would not interact with them. NFTs seem to have to many security risks as opposed to more conventional investment methods and for most people not willing to do their research the risks will probably outweigh the rewards.
Of all the weird and controversial things about NFTs, I am somewhat surprised that theft was not one of them earlier on. The methods that you outlined are not even that unthinkable (phishing scams are ancient, as are airdrop malwares), and the potential money to be made from stealing NFTs is immense. I do think this represents a decent learning opportunity as far as tech goes, however; Not only are tech savvy people who understand and engage with things like NFTs not immune to attacks, but it is far more dangerous for the average person to jump into something like this than a traditional investment. During this course, I think it has become apparent that being engaged with tech does not necessarily equate to good security practices (which have more to do with education, care, and research), and most people are not well equipped to deal with the risks. Not that I would be jumping onto the NFT train anytime soon myself, but I do think that the reality that a persons entire networth can be stolen through an airdrop makes me even more repulsed. Before getting involved in such tech reliant enterprises, people should consider whether they make good decisions online, are educated about the risks, and whether they are willing to seek the education necessary to develop these skills, or else they risk devastating losses like the individuals outlined.
This post is the first instance I’ve read about, where hackers have used smart contracts and blockchain to steal something. What I am left wondering is how something stolen on a public blockchain can be recovered. Shouldn’t some of the information contained in the blockchain allow authorities to determine the identity of the thief? I would have assumed that theft would be much more difficult on a public blockchain.
This is likely the funniest topic of any blog post here. I remember laughing at the “all my apes stolen” tweet months ago, and I’ve seen memes about it as recently as the past week. I considered writing my blog post about this, but I decided I would be far too biased. Nice to see that you’ve covered the topic and given it a thorough and unbiased analysis.
One thing I find amusing (other than the topic itself) is that the first method covered in the article was the tried and true phishing link. Even something as new and mostly aimed towards more tech-savvy users is vulnerable to this. Unlike gaining access to a bank account like this, a crypto wallet is a lot easier to clean out without consequences. Airdropping NFTs is more along the lines of what I would have expected cyberattacks on NFT bros to resemble
Great post! This is a great reminder that hackers are continuously evolving. I remember when people touted NFTs as “safe” because of some blockchain black magic. Oftentimes, it’s easy to put blind faith behind a system because others think that the technology is safe without understanding how it really works. I think that because NFTs have something to do with the blockchain, the faith that others put into “the blockchain” makes them vulnerable to “old” attacks like phishing.
It is crazy to see the amount of money that was stolen by a very basic method of attack, phishing. It was interesting to learn about the wallet-draining NFTs. It is not really OpenSea’s fault. What could they have done about this? It is simply the user’s fault which really goes to show that you should always be careful while you are online.
Great Post! It is mind boggling the amount of money that was stolen from just 17 users. NFT are the new thing now and with any new hype there will be people who want to exploit people. I never knew about wallet-draining NFT. Users should be careful especially with new things such as NFT where someone may not know how it works. Once again very interesting post and I enjoyed reading it!
That was a great post to read! I believe that NFT is a massive risk because they might sell NFTs not even present in the digital world. In comparison to more traditional investment strategies, NFTs appear to have too many security risks, and for most people who are unwilling to do their study, the dangers will likely outweigh the benefits. I was amazed to know about the airdropping method because I always recieve them alot and I have never considered the fact that hackers can use them by any means. Overall, that was a great post to read!
Thanks for sharing such an informative blog post! I believe wherever there is lots of money involved, there will be individuals out there looking to exploit that. NFT’s seem like a very high risk move to make a quick buck. I didn’t know about the airdropping technique that can be used by hackers. Ultimately, I’ll be avoiding NFT’s because of the high financial and security risks associated with it.
It was important to talk about the NFT scams on the rise as NFTs popularise. I believe the scams will get more sophisticated in the near future. It is astonishing to know that someone owning valuable digital assets such as nfts fell prey to a simple phishing attack. It should be a no-brainer to avoid connecting your crypto wallet through a link you received in an email.
One of the main components of the value of cryptocurrency is the fact that the wallets generally cannot be hacked. After all, if it could be involuntarily transferred from one wallet to another in a way that could be reproduced repeatedly, then all of a sudden noone is going to want to hold it, and it’s value will tank to zero. Do you think that an influx of cases such as this one with NFTs being taken from peoples wallets will in any way impact the potential or actual value of other NFTs on the market?
hacking through fishing link is well known by everyone. People are aware of it. Still it is one of the leading way by which people are bing hacked.
As NFT’s become more popular, I think it is important to stay well informed. It is difficult for the average person to verify the authenticity of an NFT and there needs to be more awareness raised around this issue. I enjoyed reading about how smart contracts can be used to drain a user’s wallet.
I still don’t understand NFT fully, but I do understand phishing. No matter what day and age we are in, it just goes to show you. If something is profitable and you have access to it, there will always be someone trying to steal it. With how tech educated people are nowadays it’s almost sad to see people still getting scammed by one of the oldest scams in the book. Don’t click suspicious links, people. If you ever click a link that wants access to something, READ it’s most likely a scam, as official websites almost never need it for anything. The airdropping smart contract scam is something I have never heard of before, and quite irritating I imagine for people who have to deal with it. I’d say turning off airdrops would be the best option for solving that problem though. I hope it’s a lesson well learned for those involved, but I do pity them a bit. Good post!
This is an interesting post! As the market value of nfc increases, more and more people begin to pay attention to or enter this field. At the same time, some people start to try to use phishing websites to cheat money. This also reminds us to be careful when entering a field.
There is definitely heavy risk involved in such a lucrative industry. This post perfectly illustrates this point. Even with how evolved the digital world has become, all it takes is just a simple phishing link to completely swipe you of all your valuables. An attack valued at over a million dollars is just insane by any standard. This is why it is important to educate yourself on information security: to prevent falling for phishing scams like these ones. Great post!
The malicious email scam is one of the oldest tricks in the book. The fact that people are still falling for this (especially people who are supposedly intelligent enough to make money via NFTs) is tragic. The airdropping attack is a much more sophisticated and I can see a lot more people falling for that, but despite that, if someone is pouring tens of thousands into these NFTs, they have to be competent enough to avoid these scams.
It’s interesting to see people falling for the old trick of phishing. After receiving 20+ scam phone calls claiming to be from CRA, it’s human nature to be alarmed at similar calls. However, I think that when it comes to something unfamiliar, in this case, a new form of digital assets, people tend to be unsure as to what to trust and what to be cautious about. This is why understanding security online is so important. A little more research and caution never hurt when it comes to unfamiliar things.
Great post! I do not know much about NFTs so it was very interesting to learn about them. After going over topic 10 in lectures, I realized some phishing schemes are really realistic. Now with NFTs becoming more popular along with NFT scams, it’s really important to legitimize sources when it comes to phishing. It was interesting to read about how hackers use airdrop to scam people. I would have never considered that as a method of draining your wallet. This was a good read, thanks for the very informative post!
Sad but please take down the picture of the NFTs as you do not own them, but in all serious its very common to see phishing attacks I wonder if they have an email keyword that some sites provide to make sure that the email sender is associated with their account as I’m pretty sure like crypto.com has an anti phishing code with their emails. Interesting to see that an airdropped NFT can steal NFTs from a wallet, I didn’t even know about smart contracts and would’ve not known about it. Thank you for sharing this post as all my lions and monkeys, and bricks can be safer!
Nice post! I think it is kind of funny that of all the hacks out there, the one to steal some NFT’s were just the standard phishing email. I would think that considering the complexity of NFT’s, someone would find some sort of hole in the system and steal them that way, but no… they simply sent a fraudulent email to an NFT enthusiast and stole them that way. I guess it is always important to look out for fraud regardless of what it may be about. Great post!
As much as really I dislike scammers, it’s hard to feel sorry for the people who fell for the phishing scam. With how cryptography-oriented the whole cryptocurrency space is, these people really should have known better than to blindly sign full access to their wallets away like this. I suppose that with any system that makes use of the most secure cryptographic measures, the weakest point of failure will always be the humans interacting with that system.
As much as really I dislike scammers, it’s hard to feel sorry for the people who fell for the phishing scam. With how cryptography-oriented the whole cryptocurrency space is, these people really should have known better than to blindly sign full access to their wallets away like this. I suppose that with any system that makes use of the most secure cryptographic measures, the weakest point of failure will always be the humans interacting with that system.
As much as I really dislike scammers, it’s hard to feel sorry for the people who fell for the phishing scam. With how cryptography-oriented the whole cryptocurrency space is, these people really should have known better than to blindly sign away full access to their wallets like this. I suppose that with any system that makes use of the most secure cryptographic measures, the weakest point of failure will always be the humans interacting with that system.
Great post! I’m actually quite surprised how far people can still get today with phasing attacks which seemingly have been around for a while. Although NFTs are “in” right now I personally see a bigger risk than benefits to most people in them. This scam is a great example of the uncharted area that exists with NFTs and there are also those that are jumping on the bandwagon rather than really do their research.
Thanks for an interesting blog. Somehow I feel like NFTs and its system is yet fully developed. Thus it is not fully secured. There are many holes in authentication, payment, copyright, etc. I once tried to look into NFTs and make a transaction. However, it was very hard to verify either the piece or the source.