Phishing for NFT
2022-04-23 04:31:00 【chinadefi】
Phishing attacks targeting NFTs
Phishing emails
Attackers exploit various hot topics (NFT pre-sales opening, wallet upgrades, airdrop claims, contract upgrades, projects changing websites, special NFTs, etc.) to send phishing emails containing links to carefully imitated official websites, pre-sale platforms, app downloads and the like.
Example: OpenSea
Description of the incident: according to OpenSea's official reply, the attack was launched while OpenSea was upgrading its contract. OpenSea co-founder and CEO Devin Finzer said on Twitter that the attacker stole Ethereum worth 170 million dollars.
Attack methods
The attacker used the timing of the legitimate contract upgrade to send a "contract upgrade successful" email to all users. Many users did not verify the source of the email and lost control of their wallets, which led to the wallets being robbed.
Social media related phishing
Multiple NFT projects
- Attacker’s wallet address
- BAYC
- Doodles
- Nyoki
- Shamanz
- Zooverse
- Dreadfuls
- Freaky Labs
- Kaijukingz
- Maison Ghost
- MekaVerse
- The Heart Project
- Monkey Kingdom
- Fractal
- Phantom Galaxies
- Axie Infinity
- Cryptovoxel
Attack methods
- Attackers gain access to a project member's Discord account.
- The attacker uses the project team's account to publish a new announcement in the channel. The announcement links to a fake official website created by the attacker and claims that certain items can be purchased exclusively.
- Victims visit the website, click the link and try to buy. After they authorize the transaction, ETH is transferred to the attacker's wallet.
- The attacker joins with a new Discord account or impersonates the victim's account, accuses you of being a scammer, and reports your ID to the server. The server bans the victim's account.
- The attacker asks for remote desktop access or screen sharing so that you can prove your innocence, and has you press Ctrl+Shift+I to open the console. The Discord console will display the authentication token.
- Once they have the token, the attacker can take over the account.
- Because of the nature of NFTs, some trading platforms, such as sudoswap and Nfttrader, encourage users to trade NFTs privately.
- The attacker sets up a transaction confirmation platform. After both parties confirm, the smart contract is executed automatically.
- During the conversation, the attacker negotiates with the victim to exchange NFTs. When the trade is about to happen, the attacker suggests modifying the details and then sends a fraudulent link to the victim.
- After both parties confirm, the NFTs in the victim's wallet are transferred to the attacker's wallet.
- The attacker uses Discord servers to send private messages in bulk to members of different communities, or pretends to be an administrator helping to solve a problem.
- They ask for the wallet's private key, or send a fake phishing website claiming that you can get NFTs for free. Once the user authorizes the fake website, the NFTs in the account are stolen.
- For some established NFT projects, some time after the collection is released, attackers create similar collections and, posing as the official website, send purchase links in Discord communities and similar sites. When the real NFT is not yet online, users first search for NFTs with similar names, and some attackers create several transactions in advance. To save the commission charged by the platform and the project team, community members trade privately, and at that point users often overlook the NFT's authenticity.
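Several of the attacks above end with the victim "authorizing" something on a fake website. The following added example (not part of the original article) shows how a wallet-side check can decode the calldata of a signing request and flag approval calls that hand NFT control to an unrecognized address; the function names, the category labels and all addresses are assumptions made for illustration, while the two selectors are the standard ERC-721/ERC-1155/ERC-20 ones.

```python
# Added example, not from the article. Standard token-approval selectors;
# every address used with it is a constructed placeholder.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address operator, bool approved)
APPROVE = "095ea7b3"               # approve(address spender, uint256 tokenIdOrAmount)
ZERO_ADDRESS = "0x" + "00" * 20


def encode_call(selector, address, value):
    """Build calldata for an (address, uint256/bool) call; used for the samples."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")


def review_calldata(calldata_hex, known_operators=()):
    """Classify calldata a site asks the wallet to sign.

    Returns (category, grantee) with category one of 'not-approval',
    'malformed', 'revocation', 'known-operator' or 'unknown-operator'.
    """
    hex_part = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(hex_part)
    except ValueError:
        return ("malformed", None)
    selector, args = data[:4].hex(), data[4:]
    if selector not in (SET_APPROVAL_FOR_ALL, APPROVE):
        return ("not-approval", None)
    # Both calls take two 32-byte words; an address sits in the low 20 bytes
    # of its word and the 12 padding bytes must be zero.
    if len(args) < 64 or any(args[:12]):
        return ("malformed", None)
    grantee = "0x" + args[12:32].hex()
    second_word = int.from_bytes(args[32:64], "big")
    # setApprovalForAll(operator, false) and approve(0x0, id) remove access.
    if (selector == SET_APPROVAL_FOR_ALL and second_word == 0) or grantee == ZERO_ADDRESS:
        return ("revocation", grantee)
    if grantee in {a.lower() for a in known_operators}:
        return ("known-operator", grantee)
    return ("unknown-operator", grantee)


# Constructed sample data (placeholder addresses, not real contracts).
MARKETPLACE = "0x" + "11" * 20
FAKE_SITE_OPERATOR = "0x" + "ab" * 20

if __name__ == "__main__":
    for approved in (1, 0):
        call = encode_call(SET_APPROVAL_FOR_ALL, FAKE_SITE_OPERATOR, approved)
        print(review_calldata(call, {MARKETPLACE}))
```

An 'unknown-operator' result on a site reached from a Discord or email link is the point at which to stop and verify the site through a bookmarked address.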
Projects involved in scams
- REALSWAK
- NFTflow
- Mercenary
- Blockverse
- Frosties
- Bored Bunny
- Evolved Apes
- Iconics
- Banksy
Recommendations
- Do not click on any links or attachments in suspicious emails. If you receive a suspicious email that appears to come from your organization and you doubt whether it is legitimate, open your web browser and a new tab, then go to the organization's website from your saved bookmarks or through a web search.
- If the suspicious message seems to come from someone you know, contact that person by other means (such as text message or phone call) to confirm.
- Do not use computers in public places to log in to email, use instant messaging software, do online banking or carry out other activities involving sensitive information. Do not log in or send and receive email after connecting to WiFi unless you are sure it is safe, and be careful when using free WiFi. Because of lax management, some people with ulterior motives use data interception and monitoring to obtain user information.
- Do not post sensitive information on the Internet. Information and data that users publish online may be collected by attackers, who analyze it to send targeted phishing emails to users.
- If an email requires you to download attachments or install software, judge carefully.
- When someone asks for a password, verification code or 2FA code through a social media platform, verify their identity carefully and consider whether they are impersonating someone else or using a stolen account.
- Change the passwords of frequently used accounts regularly, increase their complexity, and enable multi-step verification.
Source: https://medium.com/coinmonks/nft-phishing-96aa6488ae7e
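The advice to reach a site only through saved bookmarks can be backed by an automated check on links received by email or Discord. The following is an added example, not part of the original article: it compares a link's real host with a set of bookmarked domains and reports common imitation patterns. The bookmark set, the labels returned and the distance threshold are assumptions, and the sample hosts used with it are constructed.

```python
from urllib.parse import urlsplit

# Assumption: domains the user has verified once and bookmarked.
BOOKMARKED = {"opensea.io"}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, bookmarked=BOOKMARKED):
    """Return 'bookmarked', 'unknown', or a label naming why the link looks imitated."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    if has_userinfo:
        return "userinfo-trick"  # https://brand@other-host/ connects to other-host
    if host in bookmarked or any(host.endswith("." + d) for d in bookmarked):
        return "bookmarked"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "idn-host"        # possible homograph of a known name
    # Compare every dot- and hyphen-separated piece of the host with each brand name.
    pieces = [p for label in labels for p in label.split("-")]
    for domain in bookmarked:
        brand = domain.split(".")[0]
        if any(edit_distance(p, brand) <= 2 for p in pieces):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links using the reserved .example TLD.
    for link in ("https://opensea.io/assets", "https://opensea.io.claim-drop.example/"):
        print(link, "->", classify_link(link))
```

The fixed threshold of 2 suits names of about six characters or more; shorter bookmarked names need a stricter threshold to avoid false positives.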