$240,000 Worth of NFTs Stolen in Blur Marketplace Scam
The Risks in the NFT Space Remain High
A user recently lost $240,000 in NFTs after falling victim to a phishing scheme on the Blur Marketplace. This highlights the ongoing risks in the crypto space, especially when dealing with NFTs.
The Incident
The stolen NFTs included:
- Three Elementals
- 40 Beanz
- Six Bored Ape Yacht Club NFTs
These high-value digital collectibles were listed for a mere $WEI each on the marketplace. For context, $WEI is the smallest unit of Ether, making the listing price almost zero.
How the Scam Worked
This was no ordinary scam. It exploited a loophole in Blur’s listing procedure by manipulating copyright settings of high-value NFTs. This allowed the scammer to divert proceeds to their address without raising suspicion. They used a rule to cancel existing transactions, keeping their activities hidden.
The Process
- Listing Manipulation: The scammer manipulated the NFTs’ royalty settings to get around Blur’s anti-private listing restriction.
- Private Sale Setup: This bypass allowed a private sale visible only to the scammer’s address.
- Phishing: By promoting a fake free NFT mint or airdrop event on social media, they lured the victim to a counterfeit website. Once there, the victim unknowingly approved a malicious transaction.
Expert Insights
Solidity developer and auditor 0xQuit provided detailed insights into the scammer's strategies. Their tactics are part of a broader trend, as seen in previous incidents. For example, in May, a scammer named PinkDrainer stole three Bored Ape Yacht Club NFTs worth about $145,000 from tatis.eth.
Conclusion
The phishing scam on Blur Marketplace underscores the high risks associated with the NFT and crypto spaces. Scammers are continuously evolving their methods to exploit system vulnerabilities and deceive users.
Stay Informed and Secure: Regularly update yourself on the latest security measures to protect your digital assets.
