BTC 5.48%
$66,262.79
ETH 7.07%
$2,639.86
SOL 6.48%
$157.17
PEPE 12.95%
$0.000010
SHIB 6.82%
$0.000018
BNB 3.17%
$589.84
DOGE 5.37%
$0.11
XRP 3.00%
$0.54
TG Casino
powered by $TGC

NFT Traders, Beware of Social Engineering Hacks

Hack NFT Non-fungible tokens Scam Security
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews
Source: 0xQuit / Twitter

 

Holders of blue-chip non-fungible tokens (NFTs) have long been targets of various types of attacks given the value of their possessions – and now scammers seem to have found new loopholes to take advantage of.

A popular vector of attack for scammers has so far been malicious links, where scammers hack into a project’s social platforms and publish phishing links – as previously happened to Solana-based NFT collection Monkey Kingdom.

However, more recently, there seems to be a trend where scammers try to exploit loopholes in the UX (user experience) / UI (user interface) design of NFT platforms to steal valuable collectibles from potential users.

Just earlier this year, scammers were able to exploit an issue related to the UI design of major NFT marketplace OpenSea to buy NFTs for old listing prices, which were far below the collection’s floor price.

In a similar manner, a Bored Ape Yacht Club (BAYC) NFT holder recently lost three of their valuable NFTs largely due to the poor UI/UX design of an NFT platform.

The pseudonymous 0xQuit took to Twitter to reveal the details of how user “s27,” who entered into a direct swap trade using Swapkiwi, a peer-to-peer NFT swapping platform, fell victim to a scam.

Apparently, s27 had agreed to swap BAYC #1584 and two Mutant Ape derivatives (#13168 and #13169), cumulatively worth over USD 560,000 given the current floor price, with another user’s BAYC #4424, #5406, and #2007 – only these BAYC NFTs were simply knock-offs.

Swapkiwi does display verified NFTs with a checkmark, but the checkmark appears within the image. Taking advantage of this, the scammer photoshopped fake JPEGs to place a checkmark on them, making them look like verified BAYC NFTs.

“The scammer added these checkmarks to the knock-off NFTs exclusively to make them appear legitimate on swapkiwi,” 0xQuit said, adding:

“Furthermore, there’s no immediately apparent way to click through to view the asset or the asset contract, making it unnecessarily burdensome to verify the assets.”

The incident has some lessons for NFT traders. In the first place, if “it sounds too good to be true, it probably is,” 0xQuit said, noting that it is very unlikely for a user to swap three BAYC NFTs for a BAYC and two mutant apes, which are significantly cheaper than the original collection.

Moreover, NFT traders need to verify everything independently. In other words, assume “everybody is out to get you.” 

While Swapkiwi does not have an option to instantly allow traders to view the asset contract, traders can use blockchain explorers like Etherscan to verify assets and make sure they are original. 

“This goes for other assets too,” 0xQuit said.” I’ve seen similar scams with tokens, where a scammer will submit a picture with the words “20 WETH” on it in place of 20 WETH.” 

Meanwhile, Swapkiwi has said they are working on improvements and pledged to “make the necessary changes so this doesn’t happen again on swapkiwi.” 

____

Learn more:
No, Sberbank Isn’t Selling a ‘Cryptocurrency’ on a DeFi Exchange – Here’s What’s Really Going On
Scammers Impersonate CoinMarketCap to Sell Fake ‘CMC’ Tokens

Impostors Make Deep Fake Videos of Ordinary ‘More Believable’ People to Promote Crypto Scams
Scam Tokens Emerge After ‘Elona’ Musk’s Dispute With Chechen Leader
Impostors Are Trying to Trick Ukrainian Crypto Donors via Phishing Websites and Fake Donation Addresses

Here’s How You Can Protect Yourself Against Phishing as Trezor is Attacked
Web 3 Hackers Are Getting Smarter: Here’s How to Stay Safe

More Articles

DeFi News
UAE Approves In-Principle License to First AED Stablecoin Issuer
Hassan Shittu
Hassan Shittu
2024-10-14 20:49:42
Industry Talk
Shiba Inu Price Analysis: Shytoshi Kusama Teases “Back to the Future” Collaboration – Will It Drive SHIB to New Highs?
Joel Frank
Joel Frank
2024-10-14 20:22:21