Airdrop and juicy offers: the new NFT scam

NFTs, hackers' favorite bait. Hackers in the crypto ecosystem keep growing more ingenious. They have understood that NFT holders are prime targets for their attacks, and every week new methods emerge to steal your precious cryptocurrencies.
NFT: the favorite domain of hackers
NFTs were by far the most vibrant trend of the last bull run. They also spread well beyond the boundaries of the cryptocurrency ecosystem.
Obviously, this popularity has attracted many new users and therefore potential victims for hackers.
Thus, we have seen the emergence of many types of scams linked to the NFT ecosystem. The Discord platform has been a particular target for posting phishing links.
In parallel, many scams aimed at stealing cryptocurrencies and NFTs have flourished on Twitter.
NFT Airdrop: beware of scams
Obviously, hackers are constantly looking for new methods to steal your cryptocurrencies.
Thus, at the beginning of October, the user @0xQuit unveiled a new scam method through a Twitter thread.
“Some of you have received NFT airdrops with juicy WETH offers. Of course, you probably wondered if it was safe to accept them. I still see a ton of misinformation circulating about this. Let’s clarify what these scams are and how they work.”
NFT Airdrop and Juicy Deals
Many users were surprised to receive free NFTs on their Ethereum address. If you are active in the NFT ecosystem, you probably thought that this was the airdrop of a project linked to one of your NFTs.
However, this is a well-executed scam.
Indeed, the attacker will generously send you an NFT from a new, hitherto unknown collection.
Some time after receiving this NFT, you will see a juicy buy offer for it. Obviously, it is tempting to accept this offer and pocket the winnings.
0xQuit has sought to identify the risks so you don’t get tricked.
Accepting the offer: real risk or diversion of attention?
Obviously, the first question to ask is: what are the risks involved in accepting this offer?
The answer is surprising to say the least: there is no risk.
“It is important to know that accepting a WETH offer can NEVER compromise you out of another NFT, unless that NFT has a terribly incompetent development team.”
Indeed, in order for the attacker to be able to siphon your wallet, he must somehow obtain your approval. Accepting an OpenSea offer on one of your NFTs does not grant the attacker the right to access your other NFTs.
So can we simply accept the offer and sell the NFT to the attacker? Yes and no. These NFTs are designed in a particular way: if you are not included in a list of wallets specified in the collection contract, you are unable to sell the NFT. The NFT belongs to you, but the collection is built in such a way that you cannot sell it.
In reality, the airdrop of this NFT as well as the tempting offer are only diversions of attention to make you fall into the real scam.
Phishing scam: the classic case
The scam lies neither in the NFT nor in the offer. These two elements are only there to attract your attention: you will probably try to find out more about the project that sent you this NFT.
You may also have noticed that you could not accept the offer, and be looking for a way to unblock the situation.
This is where the attacker hopes you will fall for it. The scam lies in the description of the NFT collection. On the NFT's OpenSea page, we can read the description of the collection, and at the end of it a link offers more details on this surprising collection.

This is where the cogs of the scam come into play. Once you are on the site, it requires a signature from the user to interact with it. As you can imagine, this is the outcome of the scam: this transaction is nothing but a “setApprovalForAll”, which would grant the attacker the right to take control of all of your NFTs.
Caution is the mother of safety
As we have just seen, hackers find ways to lower our vigilance. Thus, in this case the NFT received for free as well as the tempting offer are there to make your vigilance drop.
The enticing offer is created to engender curiosity on your part. Coupled with the lure of a potential gain, the attacker hopes that you will lower your guard to better fall into his trap which is none other than a simple phishing link.
As always, stay alert. It is important to always check the type of transaction you are signing. If in doubt, do nothing and do some research first.
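One way to check the type of transaction before signing, shown as an added example (not code from the original article or from 0xQuit's thread): it decodes a transaction's `data` field and flags a `setApprovalForAll` grant to an operator you do not recognize. The function name, verdict labels, `trusted_operators` parameter and sample values are assumptions made for illustration.

```python
# Added example: classify a transaction's calldata before signing it.
SELECTOR = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)

def inspect_calldata(data_hex, trusted_operators=frozenset()):
    """Return the call type, decoded arguments and a verdict for `data_hex`."""
    trusted = {addr.lower() for addr in trusted_operators}
    try:
        raw = bytes.fromhex(data_hex[2:] if data_hex[:2].lower() == "0x" else data_hex)
    except ValueError:
        return {"call": "unknown", "verdict": "malformed"}
    if raw[:4] != SELECTOR:
        return {"call": "other", "verdict": "not-operator-approval"}
    args = raw[4:]
    # Two 32-byte ABI words follow: the operator address and the boolean flag.
    if len(args) != 64:
        return {"call": "setApprovalForAll", "verdict": "malformed"}
    operator_word, flag_word = args[:32], args[32:]
    # An address is right-aligned in its word; a bool is exactly 0 or 1.
    if any(operator_word[:12]) or int.from_bytes(flag_word, "big") > 1:
        return {"call": "setApprovalForAll", "verdict": "malformed"}
    operator = "0x" + operator_word[12:].hex()
    approved = flag_word[31] == 1
    if not approved:
        verdict = "revocation"  # removes an operator's rights
    elif operator in trusted:
        verdict = "grant-trusted-operator"
    else:
        # The operator could then transfer every token the signer holds in
        # the contract this transaction is addressed to.
        verdict = "grant-unknown-operator"
    return {"call": "setApprovalForAll", "operator": operator,
            "approved": approved, "verdict": verdict}

# Constructed sample inputs (not taken from a real transaction).
UNKNOWN_OPERATOR = "0x" + "11" * 20
GRANT = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 31 + "01"
REVOKE = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 32

if __name__ == "__main__":
    for name, data in (("grant", GRANT), ("revoke", REVOKE)):
        print(name, inspect_calldata(data))
```
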
Phishing attacks wreak havoc on the NFT ecosystem. Between May and June 2022, hackers managed to steal no less than $22 million just through phishing attacks on Discord.
Caution must become an absolute rule to protect your portfolio.