User loses $240,000 worth of NFTs to Marketplace hack

In a shocking turn of events, a cunning scammer has made off with a trove of valuable NFTs worth around $239,676. The unlucky victim, known as 0xQuit on X (formerly Twitter), reported the theft which included six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, all of which sold for just one wei each — essentially zero.

The scam was no ordinary heist. The attacker exploited a loophole in Blur’s marketplace listing system to conduct private sales, despite Blur’s usual policies against such listings.

0xQuit, a developer and auditor at Solidity, explained that the scammer manipulated the royalty settings of the NFTs, avoiding the public accessibility requirement.

In typical NFT scams, victims are tricked into listing their assets for next to nothing, allowing automated bots to grab them, leaving the scammer with empty pockets. However, the game has evolved.

Scammers now trick victims into listing their NFTs at high prices but ensure that all profits go straight to the scammer’s address.

This new tactic involves setting a rule that cancels any transaction unless the scammer is buying, effectively making the sale private. This prevents other buyers from intercepting these low-priced listings.

The scam happened when the victim signed up for something on a phishing site, usually promoted by a fake social media account, advertising a free mint checker or airdrop.

The incident underscores the ongoing risks in the NFT space and highlights the need for increased vigilance and security measures to protect valuable digital assets.

Read too: Indian police dismantle $16 million Max cryptocurrency trading scam

Fuente