The FBI warned today of fraudsters posing as Non-Fungible Token (NFT) developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets.
In these attacks, the criminals gain unauthorized access to NFT developer social media accounts or create nearly identical accounts to promote “exclusive” NFT releases.
This allows them to lure targets with misleading claims of “limited supply,” labeling the promotions as “surprises” or previously undisclosed mints to induce a false sense of urgency and trick potential victims into making hurried decisions without proper due diligence.
Unsuspecting victims click on the provided links only to be redirected to phishing websites that masquerade as legitimate extensions of specific NFT projects. The scammers go to great lengths to replicate the appearance and user experience of real NFT platforms, making it harder to notice that they’re actually phishing landing pages.
On these fraudulent websites, victims are prompted to connect their cryptocurrency wallets for NFT purchases. However, this seemingly innocuous action sets off a drainer smart contract that transfers their cryptocurrency and NFT assets into the criminals’ wallets.
To obscure their tracks, the criminals use a series of cryptocurrency mixers and exchanges to make it difficult for law enforcement agencies to trace the final destination of the stolen assets.
In light of these attacks, the FBI urges NFT enthusiasts to exercise caution when engaging in NFT-related activities:
- Verify the authenticity of NFT developers and their promotions before taking any action.
- Check if the social media accounts used to advertise promotions are legitimate.
- When dealing with NFT purchases, double-check website URLs and ensure they’re not clones of legitimate ones.
- If it sounds too good to be true, it usually is, so make sure to vet all NFT reward opportunities.
The FBI urged victims to promptly report any instances of fraudulent or suspicious activities related to NFTs through the Internet Crime Complaint Center.
When filing a complaint, victims are encouraged to provide crucial details, including links, social media accounts, crypto accounts, or domains associated with the scam, and to include the NFTHack keyword to make it easier to keep track of reports linked to this type of scam.
This is not the first time the FBI alerted cryptocurrency owners of scammers targeting their wallets in various ways.
In March, the law enforcement agency warned of a spike in ‘pig butchering’ crypto investment schemes, leading to losses of over $2 billion worth of cryptocurrency last year.
The FBI also cautioned in October of a rise in scams looting ever-increasing amounts of cryptocurrency from unsuspecting investors.
Previous alerts warned of fake rewards in so-called “play-to-earn” games and fraudulent cryptocurrency investment apps that help fraudsters steal millions in cryptocurrency.
In its 2022 Internet Crime Report, the FBI also revealed that Americans lost more than $3 billion to investment fraud in 2022. In April, the U.S. Department of Justice seized six virtual currency accounts with over $112 million stolen in cryptocurrency investment schemes.
Source: www.bleepingcomputer.com