NFT Trader Falls Victim to BAYC Phishing Scam, Losing $145K in Tokens
By Jimmy Aki
Updated: May 9, 2024, 15:36 EDT
|
Reading Time: 2 minutes
According to on-chain security platform PeckShield’s data on May 9, an NFT trader lost tokens worth over $145,000 in a Bored Ape Yacht Club (BAYC) phishing scam. PeckShield revealed that the trader, known as “tatis.eth,” was targeted by an attacker named “PinkDrainer,” who stole three valuable BAYC NFTs – BAYC 7531, BAYC 6736, and BAYC 2100 – from the trader’s wallet.
The $145,000 Loss in NFTs Due to the BAYC Phishing Scam
Bored Ape Yacht Club (BAYC) is a collection of 100,000 Ethereum-based collectibles known as NFTs. These NFTs are highly influential and expensive, featuring profile pictures of bored cartoon apes in different facial expressions and clothing.
ZachXBT’s report confirmed that the stolen NFTs were transferred to a phishing address labeled “Fake_Phishing328357” on May 8 at 5:47 PM UTC. Subsequently, the attacker sold the three NFTs for a total of 48.5 ETH, equivalent to approximately $145,000.
Source: Blockchain Data/ZachXBT
This is not the first time the scammer known as “PinkDrainer” has been involved in such malicious activities. Recently, a real-time security alert platform called Cyvers Alerts reported a similar phishing scheme in which a victim’s wallet was drained of $92,800 worth of Ethereum to the same “PinkDrainer” address.
In December 2023, the same hacker group reportedly stole $4.4 million worth of Chainlink (LINK) tokens by deceiving users into authorizing transactions associated with the “IncreaseAllowance” function.
During Q4 of 2023, there were numerous incidents of scammers impersonating reputable platforms and protocols to obtain transaction approvals and steal digital assets from unsuspecting users. One notable instance was the JPEG’d NFT protocol, where the community had to issue a warning in October 2023 about multiple fraudulent platforms imitating their offerings to scam users of their NFTs and digital assets.
Over $104 million Lost to Crypto Phishing and NFT Scams in 2024
The crypto industry has suffered significant losses from phishing attacks in the first two months of 2024. Scam Sniffer data reveals that approximately 97,000 users have fallen victim to these sophisticated scams, resulting in a total loss of $104 million worth of cryptocurrencies. Additionally, their report shows that $46.86 million worth of crypto was stolen in February 2024.
The Ethereum ecosystem has been a primary target, with $78 million of the total losses originating from users’ Ether and ERC20 tokens being drained from their wallets. Most of these funds were lost due to unsuspecting users signing malicious signatures, such as “ERC20 Permit” and “increaseAllowance,” which grant attackers unauthorized access to their assets.
In April 2024, Crypto News reported that phishing campaigns were specifically targeting users of Etherscan, using various advertisements for malicious purposes.
Scam Sniffer’s analysis reveals that cybercriminals have been leveraging social media platforms, particularly X (formerly Twitter), to lure unsuspecting victims to phishing sites. These hackers post deceptive comments under targeted accounts’ X posts, impersonating customer representatives and directing users to malicious websites where their assets are compromised.
While the losses in the first two months of 2024 are concerning, they only represent a fraction of the $300 million in total funds lost to crypto phishing attacks throughout 2023.
Follow Us on Google News
Subscribe to Updates
Get the latest creative news from FooBar about art, design and business.