Holders of NFTs have become prime targets for scams of all kinds. And when the token actually purchased is well supported by a real project, phishing attacks take over. This is to strip these designated victims of vested rights to their precious digital images. A reality that has repeatedly struck the Bored Ape Yacht Club community in recent months, with losses counted in the millions of dollars. But BAYC holders aren’t the only ones getting screwed. And, as the CertiK security framework points out, there are a few crypto hygiene rules.
The findings are as worrying as they are overwhelming. More than 90% of NFT holders have already been victims of a proven scam. With sometimes colossal losses, depending on the collection concerned. And for the past few months, aggressive phishing campaigns aimed at holders of Bored Ape Yacht Club. The latest made a few days ago, following the hacking of the Discord account of a community manager. All for damage estimated at 142 ETH (more than $255,000 at the time of the events).
Of course, few (if any) appeals are possible. And all collections are targeted, even if the most popular are preferred. With very well-constructed procedures, but most often identifiable for those who do not give in to haste. Elements partly underlined by the security structure CertiK in a recent publication on the subject.
NFT – Digital Hygiene vs. Phishing
It’s all called digital hygiene. And it is always easier to present it than to apply it to oneself. Especially when the link encountered specifies that there are only a hundred copies to be obtained as soon as possible. And that – by the greatest chance – your address has been selected to participate. This to end up in the end delivering his own NFTs to the hacker while at the same time paying the bill for the network costs to send them to him. A classic phishing procedure, but which nevertheless continues to wreak havoc. This is why this development seems necessary once again.
And even if this kind of attack does not only affect the NFT token sector, the latter seems to have become a particularly privileged playground. Perhaps in part because their adoption largely comes out of the crypto area, which is deemed (a little) more resistant to this kind of inconvenience. Or because their structural indivisibility (non-fungible) makes this type of operation simpler and more profitable. Be that as it may, their holders must be wary of links sent to them, or placed on social networks in order to wait for the next victim.. Because traps are everywhere…
NFT – How to identify a phishing site?
This is why the CertiK structure has just published a report on the attacks suffered by the BAYC community. With a highlighting of the points to be taken into account in order to identify a carbon copy of their official site, created to deceive its victims. But on which it lacked, among other things, the classic links redirecting to social network accounts. Differences presented as “subtle” but which, once identified, must absolutely trigger all the alerts… and the leak!
” The phishing link posted on BAYC’s Discord redirected to a carbon copy of the projects’ official website, but with subtle differences. First, there were no links to any social media accounts. There was also a tab added titled “claim free land” which specifically catered to holders of popular NFT projects.”
Just like being fooled by a post on Twitter whose name seems to be official, but whose account in “@” is nothing reassuring. This even if it benefits from the precious symbol of validation which one wonders how Twitter distributes them. And for which your own account has been identified among an improbable list copied / pasted in the comments. With this fairly simple rule: what comes to you is suspicious and must be checked. This by going to the official account of the project supposed to carry out this campaign of “gifts. And on the basis of the principle that the slightest doubt must be eliminated, even if it risks missing an “opportunity” which is all improbable. Because it has everything improbable!
We wish to thank the author of this article for this outstanding web content
NFT vs phishing – How to identify and avoid potential scams? – CryptoNews
We have our social media profiles here as well as other pages related to them here.https://metfabtech.com/related-pages/