Although NFTs have grown in popularity, scams involving NFTs are a real threat. Studies suggest that NFT fraud is likely to increase as more artists and designers adopt NFTs as a revenue stream.
To stay secure, users must remember that NFTs are a new technology that still needs to be improved, and that NFT fraud and crypto scammers are a fact of the current landscape.
According to a report released by the Federal Trade Commission on Friday, well over 46,000 users claim to have lost over $1 billion in cryptocurrency to scammers since 2021. This means that the losses from the previous year were approximately 60 times more than in 2018.
The Rise of NFT Scams
Social media platforms such as Facebook, Instagram, Telegram, and Twitter were listed as the sites where most scams have taken place since 2021. Other victims reported that false investment schemes and crypto apps lured them in.
Most attackers have used airdrops in the past to bait their victims, but some of those methods are becoming recognizable through repeated use. Scammers, however, have been innovative in their approach, and some have devised new schemes to rob users of their funds.
STEPN, a blockchain-based NFT game app with Game-Fi and Social-Fi aspects, has become the latest project to suffer an attack. NFT Scam Alerts, a scam detector platform, warned STEPN fans to be careful of a scam account that had gathered over 70k followers and was already verified.
FANS OF @Stepnofficial, BEWARE!
This phishing/scam account has 70K+ followers and is verified by the idiots at @verified.
Do NOT fall for it! https://t.co/9F139MLip4
— NFT Scam Alerts 🚨 (@nftscamalerts) June 6, 2022
1/2
We have been under multiple DDOS attacks in the past hours. Securing the servers and recovery may take anywhere from 1 to 12 hours. We recommend you take some rest during the maintenance or otherwise the work-outs may not be recorded properly.— STEPN | Public Beta Phase IV (@Stepnofficial) June 5, 2022
New NFT Scam Technique Detected
DeFi developer Foobar shared a long thread on Twitter exposing a new method used by hackers to rob NFT users. Foobar revealed that a new strategy used by NFT scammers involves dropping an airdrop from an unknown collection in the wallets of unsuspecting users.
🧵Exploring the latest NFT scam 🧵
"I got an NFT airdrop from an unknown collection into my wallet with a 1 WETH offer. What's going on? Is it safe to accept?" pic.twitter.com/0ZEVLWVzp7
— foobar (@0xfoobar) May 30, 2022
Interacting with these scammers may be pointless, but understanding the method helps in detecting and preventing a scam. Foobar used OpenSea, the world’s largest NFT marketplace, to explain how this new scam technique works.
He wrote, “The way that OpenSea works is through ‘approvals’ to transfer your NFTs or your WETH. An approval is a special smart contract function you call directly on the token contract. It says, ‘token contract, please give this marketplace contract permission to spend my money or jpegs.'”
According to the DeFi developer, this fraud scheme is only possible if the marketplace is untrustworthy. Foobar claims that if a marketplace’s security mechanisms are insufficient, one approved collection can steal from another approved collection. To prevent this, it is best to use a marketplace with verified security.
Foobar noted that when executing NFT transactions, the recommended course of action is to “approve an external contract to spend your money/jpegs by making a call to the money/jpegs contract— and not making a call to the external contract.”
The danger, of course, happens when people think they are interacting with an external contract but are actually interacting with their money/jpegs contract.
A website might say, "click here to animate your ape" but the wallet transaction will say "SET APPROVAL FOR ALL"
— foobar (@0xfoobar) May 30, 2022
According to Foobar, many believe that interacting with a malicious contract is potentially “safe” as long as their transactions go directly to the malicious contract. There is a significant caveat, however: you could assume you’re engaging with an external contract when you’re actually interacting with your own jpegs contract.
He wrote, “A website might say, ‘click here to animate your ape’ but the wallet transaction will say ‘SET APPROVAL FOR ALL.’ This is where people sign away their life savings in an emotional state that’s some combo of drunken/high/sleepy/fomo.”
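The mismatch Foobar describes can be checked from the raw transaction before signing. The following is an added example, not code from Foobar or OpenSea: it decodes the calldata of a pending transaction and reports when it is really an `approve` or `setApprovalForAll` call on a token contract. The function names, the sample transaction and its placeholder addresses are assumptions made for illustration.

```javascript
// A selector is the first 4 bytes of keccak256(function signature).
const APPROVAL_SELECTORS = {
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 collections
  "095ea7b3": "approve(address,uint256)",        // ERC-20 such as WETH, and ERC-721
};
const ZERO_ADDRESS = "0x" + "00".repeat(20);
const MAX_UINT256 = (1n << 256n) - 1n;

// Split calldata into its 4-byte selector and 32-byte argument words.
function splitCalldata(data) {
  const hex = String(data || "").toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) return null;
  const words = [];
  for (let i = 8; i + 64 <= hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: hex.slice(0, 8), words };
}

// Returns null for calls that are not approvals, else what is being granted.
function describeApproval(tx) {
  const parsed = splitCalldata(tx.data);
  const signature = parsed && APPROVAL_SELECTORS[parsed.selector];
  if (!signature || parsed.words.length < 2) return null;
  const spender = "0x" + parsed.words[0].slice(24); // address is the low 20 bytes
  const value = BigInt("0x" + parsed.words[1]);
  let grants, scope;
  if (parsed.selector === "a22cb465") {
    grants = value !== 0n;
    scope = grants ? "every token you hold in this collection" : "operator revoked";
  } else {
    // Without knowing the token standard, value is an ERC-20 amount or an ERC-721 id.
    grants = spender !== ZERO_ADDRESS;
    scope = value === MAX_UINT256 ? "unlimited amount" : `amount or token id ${value}`;
  }
  return { signature, tokenContract: tx.to, spender, grants, scope };
}

// Put the site's wording next to what the wallet is actually asked to sign.
function reviewRequest(siteClaim, tx) {
  const approval = describeApproval(tx);
  if (!approval) return { siteClaim, warning: null };
  const warning = !approval.grants ? null :
    `"${siteClaim}" really calls ${approval.signature}: ${approval.spender} can move ${approval.scope}`;
  return { siteClaim, warning, ...approval };
}

// Constructed sample transaction: setApprovalForAll(operator, true).
const sampleTx = { to: "0x" + "11".repeat(20),
  data: "0xa22cb465" + "00".repeat(12) + "22".repeat(20) + "00".repeat(31) + "01" };
console.log(reviewRequest("click here to animate your ape", sampleTx));
```

The `tokenContract` field is the transaction's `to` address: if it is a collection or token you already own rather than the site's own contract, the request is an approval on your assets regardless of what the page says.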
What’s the Game Plan of NFT Hackers?
According to Foobar, hackers are most likely to use two options if they are unable to gain access to your wallet of valuables:
1. They could include a malicious URL at the point where users accept a trade. This comes in the guise of a fake message.
1) When you approve the OS marketplace contract to spend your NFT and then try to accept the offer, the offer acceptance reverts. The error message contains a URL, and if you go to that site it tries to make you sign a malicious transaction
— foobar (@0xfoobar) May 30, 2022
2. The NFT that is being provided can be used as a proxy contract that can later be switched for a different use case. The NFT developer alluded to an address, 0x2d1A138f2CB7962d5A270D0C07EA9EA4B59348A5, which he says “receives dust from 260 separate addresses that each created one proxy contract pretending to be a unique collection.” The address presently has an Ether value of $1,865.57/ETH.
2) The NFT is a proxy contract that can be swapped out for different implementation logic later.
Here is an address that receives dust from 260 separate addresses that each created one proxy contract pretending to be a unique collection. https://t.co/eK9Q2xdjYu
— foobar (@0xfoobar) May 30, 2022
The most common explanation for proxy utilization by scammers is gas optimization.
The OpenSea frontend restricts what functions it can perform on a collection. So, most false WETH offers are essentially a ruse to lead you to a malicious site. When you try to accept a false WETH offer, it will allow you to authorize the collection for sale, but the offer acceptance then reverts. This wastes gas, and the revert messages shown on Etherscan will lead you to fake websites.
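A revert reason is meant to explain why a call failed, so a link inside one is a strong signal of this lure. The following added example (not from the original thread) decodes standard `Error(string)` revert data and flags any URL or bare domain in the message. The function names and both sample messages are constructed for illustration, and `claim-offer.example` is a placeholder domain.

```javascript
const ERROR_STRING_SELECTOR = "08c379a0"; // selector of Error(string)
// Matches http(s)/www links and bare domains such as "site.tld/path".
const LINK_PATTERN =
  /(?:https?:\/\/|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b(?:\/\S*)?/gi;

// Decode ABI-encoded revert data: selector, offset word, length word, UTF-8 bytes.
function decodeRevertReason(revertData) {
  const hex = String(revertData || "").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]+$/.test(hex) || !hex.startsWith(ERROR_STRING_SELECTOR)) return null;
  const body = hex.slice(8);
  if (body.length < 128) return null;
  const offset = Number(BigInt("0x" + body.slice(0, 64))) * 2; // in hex chars
  if (offset + 64 > body.length) return null;
  const length = Number(BigInt("0x" + body.slice(offset, offset + 64))) * 2;
  const start = offset + 64;
  if (start + length > body.length) return null; // truncated or malformed
  return Buffer.from(body.slice(start, start + length), "hex").toString("utf8");
}

// A revert reason exists to explain a failure; a link inside it is a red flag.
function reviewRevert(revertData) {
  const reason = decodeRevertReason(revertData);
  const links = reason ? reason.match(LINK_PATTERN) || [] : [];
  return { reason, links, suspicious: links.length > 0 };
}

// Helper used only to build the constructed samples below.
function encodeErrorString(message) {
  const bytes = Buffer.from(message, "utf8");
  const word = (n) => n.toString(16).padStart(64, "0");
  const padded = bytes.toString("hex").padEnd(Math.ceil(bytes.length / 32) * 64, "0");
  return "0x" + ERROR_STRING_SELECTOR + word(32) + word(bytes.length) + padded;
}

// Constructed samples; claim-offer.example is a placeholder domain.
const lure = encodeErrorString("Offer paused. Accept at https://claim-offer.example/weth");
const benign = encodeErrorString("ERC721: transfer caller is not owner nor approved");
console.log(reviewRevert(lure), reviewRevert(benign));
```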
In conclusion, looking out for a secure and verified project is the best way to prevent an attack or a possible scam.