Sophisticated Scam Targeting Token Holders: Over 100 popular projects' token holders targeted with fake NFT airdrops appearing from reputable sources.
Multi-Stage Deception Uncovered: The ongoing Scam involves enticing victims to fraudulent websites to steal their funds by connecting their wallets.
Check Point Research has issued an alert about an ongoing new and sophisticated NFT scam campaign targeting token holders of over 100 popular projects.
The scam involves sending airdrops that appear to be from legitimate sources, such as the Ape NFT airdrop for APE token holders.
These airdrops link to specially crafted websites designed to trick victims into connecting their wallets, thereby giving attackers full access to their funds.
The scam unfolds in stages: recipients receive an airdrop from a seemingly reputable source, are enticed to claim a reward on a fraudulent website, and upon connecting their wallets, unknowingly authorize the attacker, leading to the theft of their funds.
Check Point Research's investigation revealed that the attackers used a sophisticated infrastructure to distribute these fake airdrops to over 200,000 people.
Attackers exploit the way transaction information is processed and presented, using proxy contracts and unverified contract codes to obscure their actions.
The scam uncovered by Check Point Research represents a complex and cunning exploitation of blockchain technology's intricacies.
Initial Contact: Victims first received an airdrop, carefully labeled to mimic a genuine offer from a trusted entity.
APE token holders received an airdrop seemingly related to Ape NFTs. Luring to a Fraudulent Website: The airdrop included a link to a website, ostensibly for claiming the promised NFT reward.
Wallet Connection: Upon visiting the site, victims were prompted to connect their cryptocurrency wallets to claim their NFT or access some related benefit.
This step mirrors common practices in legitimate NFT transactions, adding to the scam's credibility.
The scammers then proceeded to drain the wallets, completing the theft.
The sophistication of the scam lay not just in its deceptive appearance but also in its technical execution.
This method exploited the way blockchain explorers like Etherscan process and display transaction information, making the scam difficult to detect for both users and automated systems.
The scam involved the use of proxy contracts and unverified contract codes.
The scam is a stark reminder that in the world of blockchain and NFTs, where the excitement and perceived legitimacy can often cloud judgment, the best defense is a cautious and well-informed approach.
The report highlights the need for continual vigilance and skepticism in the digital asset environment, given the increasing sophistication of such scams.
The Threat Intel Blockchain system, developed by Check Point Software, continues to accumulate valuable information on emerging threats, and this intelligence will be shared in the future.
This Cyber News was published on blog.checkpoint.com. Publication date: Thu, 18 Jan 2024 15:43:04 +0000