NFTs
Blur Marketplace Phishing Scam Costs User Nearly $240,000 in NFTs
It’s no secret that the cryptocurrency space can be risky, especially when it comes to the security of non-fungible tokens (NFTs). Recently, a Blur Marketplace user fell victim to a phishing scam and lost approximately $239,676, a source at X (formerly Twitter) revealed.
Details are below as reported by the source.
The Phishing Scam
According to reports, the heist targeted six Bored Ape Yacht Club NFTs, 40 Beanz and three Elementals, which were stolen from the user’s digital wallet and listed for one $WEI each on the marketplace. WEI, the smallest denomination of ether, the currency of the Ethereum blockchain, caused the listing price to be essentially zero.
The scam was a sophisticated maneuver that exploited a loophole in Blur’s listing system.
The scammer changed the copyright settings of high-value NFTs on Blur, diverting all proceeds to his address. By taking advantage of a rule that canceled existing transactions, the illicit activity remained masked.
The breach involved listing NFTs without the owner’s knowledge, effectively bypassing the platform’s protections.
Essentially, the scammer adjusted the royalty settings of the NFTs, effectively bypassing the platform’s policy against private listings. This allowed them to set up a private sale, ensuring that only their address could complete the transaction.
Pink Drainer learned how to hack and enable private sales on Blur.
Blur does not normally offer private listings. Any listing you create is open to anyone to fill.
But lately, Pink has been buying items for 0 eth on Blur. How?
1/🧵— Quit (@0xQuit) June 1, 2023
0xQuit, a developer and auditor at Solidity, shared this report, shedding light on the likely tactics used by the scammer. It appears that the scam was created as a bait-and-switch tactic, luring the user with the promise of a free NFT launch or drop event advertised on social platforms. Once the user engaged, they were tricked into signing a transaction on a fraudulent website.
You will remember this Coinfomania reported a similar phishing scam in early May, when a scammer (PinkDrainer) “drained” three BoredApeYachtClub NFTs worth around $145,000 from the user (tatis.eth).
Keeping your funds safe and hot wallets protected
Following this incident, users are urged to remain vigilant when trading or storing digital assets. Basic precautions such as double-checking URLs, being wary of unsolicited communications, and keeping private keys safe can go a long way in preventing such unfortunate incidents.
As the saying goes, “Prevention is better than cure.” In the unpredictable world of cryptocurrency trading, these words are especially relevant.
Here are some crucial tips to remember:
- Double-check the website URLs: Examine each link before clicking. Malicious actors often create websites with URLs that closely resemble legitimate platforms. A single typo could lead you to a dangerous phishing site.
- Beware of unsolicited messages: Never click on links or download attachments from unknown senders. Phishing scams can also occur through social media It is email.
- Prioritize wallet security: Use strong passwords and enable two-factor authentication (2FA) whenever possible. Avoid sharing your private keys with anyone.