The Federal Bureau of Investigation disclosed a new fraud operation impersonating NFT developers. Based on reports, scammers use such identities to target NFT patrons and steal their NFT and crypto assets.
These fraudsters gain unauthorised access to NFT developers' social media accounts or create look-alike accounts to promote seemingly exclusive NFT releases.
This strategy enables them to bait targets through misleading claims of short supply. The attackers also label the products as “surprises” to create a sense of urgency and push victims into deciding without analysing their transactions.
The fake page then redirects the lured victims to phishing websites that pose as legitimate extensions of NFT projects. To avoid raising suspicion, the scammers replicate the appearance and behaviour of legitimate NFT platforms.
Subsequently, the fraudulent websites prompt the users to link their crypto wallets for NFT purchases. That action triggers a drainer smart contract that moves the NFT and crypto assets to attacker-controlled wallets.
Fake NFT developers use multiple techniques to hide from analysis.
The scammers who pose as NFT developers leverage various crypto mixers and exchanges to evade law enforcement agencies and make threat analysis more challenging.
The federal agency recommends that NFT fans be cautious about completing transactions in NFT-related activities.
Users should verify the legitimacy of NFT developers and the products they promote before engaging in any transaction. In addition, enthusiasts should review the authenticity of the developers’ social media accounts and the products they promote.
Users should carefully inspect URLs and make sure they are not clones of the legitimate site before acquiring any NFT. Furthermore, law enforcement agencies advise NFT fans to be careful with NFT rewards that are too good to be true.
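The URL inspection recommended above can be partly automated by comparing a link's host against the hostnames a project publishes itself. The following is an added example, not part of the FBI notice or of this article; the allowlist, the `examplenft.io` names and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hostnames a hypothetical NFT project publishes itself.
OFFICIAL_HOSTS = {"examplenft.io", "mint.examplenft.io"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, official=OFFICIAL_HOSTS, max_distance: int = 2) -> str:
    """Classify a link's host as 'official', 'suspicious: <why>' or 'unlisted'."""
    try:
        parts = urlsplit(url if "//" in url else "//" + url)
        host = (parts.hostname or "").rstrip(".")
        # Unicode hosts become punycode so homoglyph names show up as xn-- labels.
        ascii_host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL, or a label IDNA cannot encode
        return "suspicious: URL or host does not parse"
    if not ascii_host:
        return "suspicious: no host in URL"
    if "@" in parts.netloc:
        # "https://official.site@other.host/" really goes to other.host
        return "suspicious: userinfo placed before the real host"
    if ascii_host in official:
        return "official"
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return "suspicious: internationalised host not on the allowlist"
    for good in sorted(official):
        if good in ascii_host and not ascii_host.endswith("." + good):
            return f"suspicious: '{good}' embedded in a different domain"
        distance = edit_distance(ascii_host, good)
        if distance <= max_distance:
            return f"suspicious: {distance} edit(s) away from '{good}'"
    return "unlisted"
```

An "unlisted" result only means the host is not on the allowlist; it says nothing about whether the site is safe.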
The bureau advises victims to immediately report any cases of scams or suspicious activities related to NFTs. Victims should provide the details, such as links, crypto accounts, social media accounts or domains that resulted in a scamming incident.
Victims who report such events should include the NFTHack keyword for more efficient tracking of reports connected to this type of fraudulent activity.