NFT Scam Techniques to Watch Out For

Although NFTs have grown in popularity, scams involving NFTs are a real thing. Studies suggest that NFT frauds are likely to increase. This is because more artists and designers will adopt NFTs as a cash stream. 

To stay secure, users must remember that NFTs are a new technology that needs to be improved and that NFT frauds and crypto scammers are a fact of the current situation.

According to a report released by the Federal Trade Commission on Friday, well over 46,000 users claim to have lost over $1 billion in cryptocurrency to scammers since 2021. This means that the losses from the previous year were approximately 60 times more than in 2018.

The Rise of NFT Scams

Social media platforms such as Facebook, Instagram, Telegram, and Twitter were listed as sites where most scams took place since 2021. Others revealed that false investment schemes and crypto apps lured them into the deceit of the scammers.

Most attackers have used airdrops in the past to bait their victims. But some of those methods are becoming recognized due to repeated use. However, scammers have appeared to be innovative in their approach. Some have cooked up new schemes to rob users of their funds.

STEPN, a blockchain-based NFT game app with Game-Fi and Social-Fi aspects, has become the latest project to suffer an attack. NFT Scam Alerts, a scam detector platform, warned STEPN fans to be careful of a scam account that had gathered over 70k followers and was already verified.

New NFT Scam Technique Detected

DeFi developer Foobar shared a long thread on Twitter exposing a new method used by hackers to rob NFT users. Foobar revealed that a new strategy used by NFT scammers involves dropping an airdrop from an unknown collection in the wallets of unsuspecting users.

Interacting with these scammers could be pointless. However, understanding this method is advantageous in preventing and detecting a scam. Foobar used OpenSea, the world’s largest NFT marketplace, to explain how this new scam technique works.

He wrote, “The way that OpenSea works is through ‘approvals’ to transfer your NFTs or your WETH. An approval is a special smart contract function you call directly on the token contract. It says, ‘token contract, please give this marketplace contract permission to spend my money or jpegs.'”

According to the DeFi developer, this fraud scheme is only possible if the marketplace is untrustworthy. Foobar claims that if a marketplace’s security mechanisms are insufficient, one approved collection can steal from another approved collection. To prevent this, it is best to use a marketplace with verified security.

Foobar noted that when executing NFT transactions, the recommended course of action is to “approve an external contract to spend your money/jpegs by making a call to the money/jpegs contract— and not making a call to the external contract.”

According to Foobar, many believe that interacting with a malicious contract is potentially “safe” as long as their transactions go directly to the malicious contract. However, there is a significant caution to go into this option. This is because you could automatically assume you’re engaging with an external contract. But you’re actually interacting with your own jpegs contract.

He wrote, “A website might say, ‘click here to animate your ape’ but the wallet transaction will say ‘SET APPROVAL FOR ALL.’ This is where people sign away their life savings in an emotional state that’s some combo of drunken/high/sleepy/fomo.”

What’s the Game Plan of NFT Hackers?

According to Foobar, hackers are most likely to use two options if they are unable to gain access to your wallet of valuables:

  1. They could include a malicious URL at the point where users accept a trade. This comes in the guise of a fake message.

2. The NFT that is being provided can be used as a proxy contract that can later be switched for a different use case. The NFT developer alluded to an address, 0x2d1A138f2CB7962d5A270D0C07EA9EA4B59348A5, which he says “receives dust from 260 separate addresses that each created one proxy contract pretending to be a unique collection.” The address presently has an Ether value of $1,865.57/ETH.

The most common explanation for proxy utilization by scammers is gas optimization.

The OpenSea frontend restricts what functions it can perform on a collection. So, most false WETH offers are essentially a ruse to lead you to a malicious site. When you try to accept a false WETH offer, it will allow you to authorize the collection for sale. However, it will backtrack. This is a waste of gas, and the Etherscan revert messages will lead you to fake websites.

In conclusion, looking out for a secure and verified project is the best way to prevent an attack or a possible scam.

⬆️Moreover, for more cryptocurrency news, check out the Altcoin Buzz YouTube channel.

⬆️Above all, find the most undervalued gems, up-to-date research, and NFT buys with Altcoin Buzz Access. Join us for $99 per month now.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.