The cryptocurrency industry has always been plagued by opportunistic scammers, from those who posted deceptive tokens via Twitter (for example, in October 2018, a Twitter authentication account posing as Elon Musk tweeted that if people send to an address If you send 0.2-5 BTC in the middle , you will get 1-100 BTC, which was later proved to be a fraud) , to use token airdrops as bait. If the user moves these tokens, the encrypted assets in the user’s wallet will be stolen.
Nowadays, as the sales volume and price of NFTs keep hitting new highs, scammers have changed their strategies to seek profit from this growing NFT market, and their tricks seem to be working! These scammers mainly use two methods to access the victim’s wallet and steal any assets inside.
Pretend to provide support services
One of the main strategies is to pretend to provide support services on behalf of the NFT market OpenSea .
This strategy is very effective because users often encounter many problems when they come into contact with NFTs, such as checking whether a certain NFT collection is officially issued, the problem that NFTs are not displayed in the wallet, or sometimes the displayed attributes are incorrect and many more. Users need to seek help when facing these types of problems. Therefore, confused buyers of NFTs either seek help from the NFT issuer or seek support from the NFT market they use (such as OpenSea).
Under normal circumstances, NFT buyers will seek help on the messaging platform Discord. At present, the Discord platform has developed into the center of NFT-related activities and exchanges.
The problem is that it is very simple for anyone to create an account called “OpenSea Support” or similarly named on Discord and navigate among the many chat groups on Discord. When someone asks a question, these fake support service accounts will provide “help” by sending a message directly to the questioner.
This very effective deception strategy involves the browser wallet MetaMask . The scammer will invite the user to share the screen and direct the user to a specific location of the wallet , which is designed to connect the user’s wallet with different devices. By doing this, the scammer will be able to create the wallet on his device and gain full access to the user’s funds .
Since this has become a big problem, MetaMask has temporarily disabled this feature .
But before that, Jeff Nicholas, Creative Director of Authentic AI, encountered this situation. In a Twitter post, he described how he sought support on OpenSea Discord, and eventually a Discord user named “OpenSea” sent him a scam message directly. Jeff eventually showed the crook a wallet QR code that allowed the wallet account to be transferred to another device before he discovered that his wallet was emptied.
Afterwards, Jeff wrote on a tweet: “They (the scammers) transferred all the assets, including all my Apes (NFT), Dogecoin , crypto cat and airdrop tokens , and all ETH.”
Although this attack is no longer effective on MetaMask, the key is to realize that there are some so-called “support accounts” on Discord , which will use any possible trick to steal your funds!
Take advantage of people’s doubts when casting NFT
Scammers will also pay special attention to the “casting” of NFTs because they realize that this is an excellent time to catch NFT buyers by surprise.
We know that when a certain NFT project will be launched, a public launch time and date will be announced in advance. At this time, the NFT website will provide a “mint” (minting) button, and anyone can mint one of the total NFT by paying (for example, there are only 10,000 CryptoPunk and Bored Ape avatars in total). If the demand for casting the NFT is high, then the NFT may be sold out in a few minutes or even a few seconds. This may make the NFT casting moments feel stressful and extremely competitive, especially when the casting of a certain NFT does not proceed as planned, which often happens . This will cause NFT buyers to have a lot of doubts, and scammers take the opportunity to make a profit.
Before a certain NFT project starts minting, individual NFT buyers will seek information about where the NFT minting will take place and other key details (the best place is to go to the FAQ (Frequently Asked Questions) page of the NFT project) . During this period, if there are any questions, buyers will seek answers and solutions. For this reason, they usually gather in the relevant Discord main chat group.
One strategy of the crooks is to pretend to provide NFT casting services . At this point, scammers will indicate that there has been a problem with the casting of the NFT, and the only way to obtain the NFT is to send the encrypted assets to their designated wallet address.
Another example is that scammers will post a fake link , claiming that a certain NFT project will mint and distribute in the link. Usually, the link looks a lot like the official website of the NFT project, but the link is likely to steal all the NFTs in the user’s wallet.
For example, this particular deception strategy affected Messari analyst Chase Devans. He used a NFT minting link that his friend saw on Discord and shared with him. When he tried to mint an NFT on the website, the SOL tokens worth $15,000 in his wallet and all NFTs were scammed. gone.
This deception strategy was very effective in yesterday’s Solana-based NFT project Aurory . A scammer’s wallet eventually received 1.5 million US dollars and 350 NFTs, although some of these NFTs were later frozen. Because a bug in the Aurory casting contract caused the NFT to be sold at 1 SOL instead of 5 SOL, the scammer finally made more money than the issuer of the NFT.
A related aspect of this is that the popular Solana wallet Phantom has an automatic approval function that can approve any transaction from an approved website (in order to make NFT minting faster). But this may allow the site to approve various other transactions and may put users’ NFTs at risk. Phantom has indicated that it is removing this feature.
The main advice I want to give is to check if you are using official links when casting NFTs . Official links can usually be found on the FAQ page of the NFT project; do not use any links provided in a public chat group ! In addition, it is recommended to create a separate wallet address for each NFT minting , so that at most you will only lose the assets in the wallet.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/what-are-the-common-tactics-used-for-fraud-in-the-nft-field-how-to-avoid-being-deceived/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.