It seems that over time, it’s becoming easier and easier for hackers to get away with crypto-related thefts. Recently, a Proof Collective member lost 29 Ethereum-based Moonbird NFTs, worth around $1.5 Million, by clicking on a malicious link posted by a scammer.
Pseudonymous Twitter user @CirrusNFT shed some more light on the incident by stating that the scammer dropped a malicious link that redirected the victim to a fake trading site and got him to sign a bad transaction.
Meanwhile, NFT holder @crypt0savage revealed that the culprit had used a similar technique to dupe other investors in the past. Another Twitter user said that the scammer was already half doxxed via a crypto exchange and that the Proof Collective and its members are currently working on a full report to the FBI.
The latest incident is a stark reminder of why investors need to be careful when trading with NFTs, especially on marketplaces or trading websites. Recently, a hacker took over well-known NFT artist Beeple’s Twitter account and posted a series of fake links to a raffle entry where followers could claim one of 200 free NFTs Beeple was supposedly offering. The scam resulted in losses of around $438,000 from Beeple’s followers.
Earlier, attackers had infiltrated Bored Ape Yacht Club’s Instagram account and posted links to a fake website, requesting users to connect their crypto wallets for a supposed NFT launch. Losses in total were estimated to be around $3 Million.
How to identify fake crypto websites?
Double-checking the authenticity of the website by inspecting the domain name is one-way users can shield themselves from such attacks. Usually, fake websites mimic the domain name of an authentic one but carry minor differences that go unnoticed at first glance.
Meanwhile, @GuyIncognitoILV revealed names of a few websites that users should avoid since they were known fakes. The post also showed that links received for an external trading side, a two-way discounted private trade on OpenSea, or a seed phrase request, were almost guaranteed to be a scam attempt. It was also recommended that users hold only the tokens that were needed for a transaction in their wallets.