NFT Trader Loses $145K To BAYC Phishing Scam

BAYC NFT Phishing scams
Last updated:
Author
Author
Jimmy Aki
About Author

Jimmy has nearly 10 years of experience as a journalist and writer in the blockchain industry. He has worked with well-known publications such as Bitcoin Magazine, CCN, and Blockonomi, covering news...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

An NFT trader lost over $145,000 worth of tokens in a BAYC phishing scam, according to May 9 data from on-chain security platform PeckShield.

PeckShield revealed that a trader known as “tatis.eth” fell victim to a phishing scam perpetrated by an attacker identified as “PinkDrainer.” The malicious entity stole three valuable BAYC NFTs – BAYC 7531, BAYC 6736, and BAYC 2100 – from the trader’s wallet.

The BAYC Phishing Scam That Led to the Loss of $145,000 Worth of NFTs

BAYC, also known as Bored Ape Yacht Club (BAYC), is a collection of 100,000 Ethereum-based collectibles. These NFTs are among the most influential and expensive ones around. They feature profile pictures of bored cartoon apes in various facial expressions and clothing.

A similar report from ZachXBT revealed that the stolen NFTs were transferred to a phishing address labeled “Fake_Phishing328357” on May 8 at 5:47 PM UTC. Thereafter, the attacker sold the three NFTs for a total of 48.5 ETH, equivalent to approximately $145,000.

BAYC Phishing Scam
Source: Blockchain Data/ZachXBT

This is not the first time the “PinkDrainer” scammer has been involved in such atrocious activities. Cyvers Alerts, a real-time security alert platform, recently reported a similar phishing scheme where a victim’s wallet was drained of $92,800 worth of Ethereum to the same “PinkDrainer” address.

In December 2023, the same hacker group reportedly stole Chainlink (LINK) tokens worth $4.4 million by tricking users into authorizing transactions linked to the “IncreaseAllowance” function.

In Q4 of 2023, recurrent incidents of scammers impersonating reputable platforms and protocols to obtain transaction approvals and steal digital assets from unsuspecting users were widely reported.

A notable instance was the JPEG’d NFT protocol, where the community had to come out in October 2023 about multiple fraudulent platforms imitating its offerings in an attempt to obtain transaction approvals so they could scam users of their NFTs and digital assets.

Over $104 million Has Been Lost to Crypto Phishing And NFT Scams in 2024

The crypto industry has been on the receiving end of enormous losses due to phishing attacks in the first two months of 2024.

According to Scam Sniffer data, an estimated 97,000 users have fallen victim to these sophisticated scams, resulting in a total loss of $104 million worth of cryptocurrencies. This was followed by its report that showed $46.86 million worth of crypto was stolen in February 2024.

The Ethereum ecosystem has been specifically targeted, with $78 million of the total losses coming from users’ Ether and ERC20 tokens being drained from their wallets.

Most of these funds were lost due to unsuspecting users signing malicious signatures, such as “ERC20 Permit” and “increaseAllowance,” which grant attackers unauthorized access to their assets.

Crypto News also reported in April 2024 that phishing campaigns were targeting users of Etherscan, with several advertisements being used for malicious operations.
Scam Sniffer’s analysis revealed that cybercriminals have been leveraging social media platforms, particularly X (formerly Twitter), to lure unsuspecting victims to phishing sites.

These hackers post deceptive comments under the X posts of targeted accounts in a way that impersonates their customer representatives and directs users to malicious websites where their assets are compromised.

While the losses in the first two months of 2024 are concerning, they represent only a fraction of the $300 million in total funds lost by users to crypto phishing attacks throughout 2023.

More Articles

Price Analysis
$TRUMP Pumping Over 20% This Week: Presidential Memecoin Back for Good?
Arslan Butt
Arslan Butt
2025-02-15 15:26:50
Price Analysis
Study Predicts Bitcoin Surge to $1M by Early 2027: Is That Possible?
Arslan Butt
Arslan Butt
2025-02-15 14:45:43
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors