There are a lot of risks in the cryptocurrency space, especially when using NFTs. A recent incident in the Blur market exposed these risks. One user lost $240,000 in NFTs after falling for a phishing scam. A source on X (Twitter) revealed this information.
3 Elementals, 40 Beanz, and 6 Bored Ape Yacht Club NFTs were targeted by the scam. Subsequently, the stolen NFT was sold on the market for only $1 WEI. For context, $WEI is the smallest unit of Ethereum, making the listing price almost zero.
How the scam works
This scam is very sophisticated. It exploited a loophole in Blur’s listing process. Scammers manipulate the copyright settings of high-value NFTs. Transferring proceeds to their address allows them to profit from the scam. They use rules to cancel existing transactions to hide their activities.
The owner was unaware that the scammer had listed the NFT. Essentially, this bypasses the platform’s security measures. By manipulating the NFT’s royalty settings, scammers circumvented the platform’s anti-private listing restrictions. As a result, they are able to set up private sales, ensuring transactions can only be completed through their address.
Solidity developer and auditor 0xQuit exposed the scammers’ tactics. The scam uses bait-and-switch techniques to lure victims with the promise of free NFT minting or airdrops advertised on social media. Users were tricked by scammers into unknowingly approving transactions on fake websites.
This incident is not isolated. Coinfomania reported a similar phishing scam in May, in which a scammer named PinkDrainer “drained” three Bored Ape Yacht Club NFTs from user tatis.eth, worth approximately $145,000. This points to a worrying trend of sophisticated fraud in the NFT space.
final thoughts
A recent phishing scam on Blur Marketplace highlights the risks in the cryptocurrency and NFT space. Scammers are constantly finding new ways to exploit system vulnerabilities and deceive users. You should regularly stay informed and take security measures, which are critical to protecting your digital assets.