The FBI warned that the account hijackers work to “create a sense of urgency” with their posts and urged people to vet any website or potential opportunity before clicking on it.
The United States Federal Bureau of Investigation (FBI) has warned of criminal
actors and posing as legitimate people in the nonfungible token (NFT) and crypto space.
It also raised concerns over spoof websites that dupe victims into thinking they are using legitimate platforms to steal their NFTs or crypto.
The warning comes as the number of victims from these two types of scamming methods continues to grow.
In an Aug. 4 public service , The FBI urged people to be aware of “criminal actors posing as legitimate NFT developers in financial fraud schemes targeting active users within the NFT community.”
“Criminals either gain direct access to NFT developer social media accounts or create almost identical accounts to promote new NFT releases. Fraudulent posts often aim
to create a sense of urgency, using phrases like ‘limited supply,’ and refer to the promotion as a ‘surprise’ or previously unannounced mint.”
إقرأ أيضا:ChatGPT web traffic drops for third consecutive month in August
“Links provided in these announcements are phishing links directing victims to
a spoofed website that appears to be a legitimate extension of a particular NFT project,” the FBI added.
Generally, the scam websites prompt people to connect their wallets to claim or purchase NFTs but are instead connected to a drainer smart contract, resulting in a loss of a person’s funds or assets.
However, it can sometimes be more complicated than that.
There are some other ways that people can have their funds drained even when not directly choosing to connect their wallet to a suspicious website.
In an Aug. 5 X (formerly Twitter) thread, user StockEd that they mistakenly clicked on a spoof LooksRare NFT marketplace website and didn’t connect their hot wallet but still had more than $300,000 worth of NFTs stolen.
Alarmingly, the fake website was promoted at the top of Google’s search results as a paid ad, which has been a yet to be solved by Google.
There was much debate in the comments as to how the victim could have their NFTs drained without connecting their wallet.
إقرأ أيضا:Less than 7% of Web3 VC funding went to female-led startups: ReportSome argued that malware enabling access or control to the victim’s computer was at play,
إقرأ أيضا:Traders report frozen assets, account blocks on MEXCwhile others suggested the scam website may have had a hidden MetaMask wallet signature link somewhere that was accidentally clicked.
On the same day, Web3 anti-scam platform Scam Sniffer tweeted that someone else had also lost $446,000 worth of Bitcoin
ETH
$1,833 and Pepe
PEPE
$0.000001 to a phishing link.
Scam Sniffer indicated that the Pink drainer address was behind the phishing hack,
while ZachXBT highlighted that it may have happened via two fake airdrop links promoted by
Avalanche and QwQiao — two accounts that were hijacked over the previous 24 hours.
In the FBI’s warning, it outlined a handful of tips for people to protect themselves from these types of scams.
The FBI emphasized that people should research and “vet any opportunity,” such as surprise NFT drops or giveaways, before clicking on links. It also urged people to double-check for
any discrepancies in website URLs or account names to avoid falling victim to impersonators.
