Non-fungible tokens (NFTs) have become a hot target for cybercriminals, especially school children. These young criminals are using phishing attacks and other techniques to steal millions of dollars in NFTs and tokens.
One recent incident involved Orbiter Finance, a decentralized finance (DeFi) project. A purported journalist managed to gain control of the project’s Discord server and announce a sham airdrop. This led unsuspecting community members to a phishing site, where they were tricked into giving up their NFTs and tokens. The attacker was able to steal over $1 million worth of assets.
This is just one example of the many NFT phishing attacks that have been carried out in recent months. Security experts say that there has been a staggering increase in such attacks since December 2021. Over the past nine months, these attacks have impacted around 32,000 victim wallets and looted NFTs and tokens worth an astounding $73 million.
The orchestrators of these attacks are generally under 18 years of age and tend to ramp up their operations during the summer holidays. They often use the looted funds to buy expensive goods, ranging from laptops and phones to designer clothes, and even vehicles. One common expenditure includes enhancing their Roblox avatars.
To obfuscate their trails, these exploiters often pay individuals in low-income countries to register on exchanges using their personal details, thus adding a layer of complexity when tracing their cash-out process.
An emerging black market for drainer code is enabling these illicit activities. Cyber attackers purchase drainer code, which is essentially a set of instructions that can be embedded into websites to steal NFTs and other crypto assets. A share of the ill-gotten gains is usually given to the developer of the drainer.
Among the most notorious scam vendors are “Inferno Drainer” and “Pink.” The latter rose to infamy after a series of major exploits throughout May and June, with victims including Orbiter Finance, LiFi, Flare, Evmos, and even celebrity Steve Aoki’s Twitter account.
According to security experts, Pink has found success in evading protection measures, such as wallet extensions, and stealing tokens and NFTs simultaneously on the NFT marketplace, Blur.
Inferno Drainer, on the other hand, is relentless in its attacks. Recently, it stole six NFTs from various collectors on the OpenSea NFT marketplace, as confirmed by blockchain security company, PeckShield. Inferno Drainer provides ready-to-go code to scammers that allows them to steal crypto, and it receives a 20% cut of the scammer’s haul.
Given this escalating menace, the crypto community must ramp up its security measures. It’s recommended to use multiple wallets, store large amounts of funds in cold wallets, revoke approvals for unused tokens, and remain cautious of suspicious activities. In the digital realm of NFTs, one wrong move can lead to significant financial loss.
Here are some tips to protect yourself from NFT phishing attacks:
-Be wary of any links or attachments that you receive in Discord or other messaging platforms.
-Only interact with official NFT projects and marketplaces.
-Keep your software up to date.
-Use a strong password and two-factor authentication for your crypto wallets.
-Be careful about what information you share online.
By following these tips, you can help to protect yourself from NFT phishing attacks and keep your assets safe.
Want more? Connect with NFT News
Follow us on Twitter
Like us on Facebook
Follow us on Instagram
*All investment/financial opinions expressed by NFT News are from the personal research and experience of our site moderators and are intended as educational material only. Individuals are required to fully research any product prior to making any kind of investment.
This information is published by the NFT News media team.
