An unfortunate user lost hundreds of thousands of dollars’ worth of irreplaceable Non-Fungible Tokens (NFTs) due to sophisticated phishing scams prevalent in the Blur marketplace.
Incident Report
Reported by 0xQuit on Twitter, the incident involved the loss of 40 Bored Ape Yacht Club NFTs, 1 Beanz, and 3 Elementals, all listed at prices of X wei. Wei is the smallest unit of ETH, the Ethereum blockchain’s native currency. Based on the lowest listing prices for each asset, the total stolen amount is approximately $239,676.
The scam was perpetrated by an unidentified criminal who exploited flaws in Blur’s listing system for private sales.
According to 0xQuit, a Solidity developer and auditor, the fraudster manipulated NFT settings to circumvent default privacy policies in Blur, which do not support private listings.
Typically, the criminal would deceive someone into listing an NFT at almost no cost, only for automated bots to outbid the fraudster by paying higher fees, leaving the fraudster with nothing. In response, the criminal invited individuals to list NFTs at inflated prices, with all proceeds funneled into the fraudster’s address. They also established a rule that rendered any transaction invalid unless the fraudster initiated the purchase, effectively privatizing the sale.
0xQuit noted that the scheme involved deceiving victims into signing orders on phishing websites, often promoted through fake X accounts or airdrop verifications.
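A wallet-side check for the signals described above (a near-zero price, proceeds routed to another address, a rule restricting who may buy, and a signing request from a phishing site) could look like the following. This is an added example, not code from Blur or 0xQuit: the order layout, field names, addresses and hostnames are hypothetical and constructed for illustration.

```python
from urllib.parse import urlparse

WEI_PER_ETH = 10**18
BPS = 10_000  # assumption: fee rates are expressed in basis points

# Constructed sample values (not real addresses or sites).
SIGNER = "0x" + "11" * 20
OTHER = "0x" + "aa" * 20
STANDARD_POLICY = "0x" + "22" * 20
UNKNOWN_POLICY = "0x" + "bb" * 20
TRUSTED_HOSTS = {"marketplace.example"}
KNOWN_POLICIES = {STANDARD_POLICY}

def review_listing(order, signer, origin, min_price_wei=WEI_PER_ETH // 100):
    """Return warnings for a sell order the user is being asked to sign."""
    warnings = []
    host = (urlparse(origin).hostname or "").lower()
    if host not in TRUSTED_HOSTS:
        warnings.append(f"signature requested by untrusted origin: {host or origin}")
    price = int(order["price_wei"])
    if price < min_price_wei:
        warnings.append(f"listing price is only {price} wei")
    # Sum every fee that is paid to someone other than the signer.
    outbound_bps = sum(f["rate_bps"] for f in order.get("fees", [])
                       if f["recipient"].lower() != signer.lower())
    seller_net = price * max(BPS - outbound_bps, 0) // BPS
    if outbound_bps >= BPS // 2:
        warnings.append(f"{outbound_bps / 100:.0f}% of proceeds go to other "
                        f"addresses; seller receives {seller_net} wei")
    # A rule the wallet does not recognize may restrict who is able to buy.
    policy = order.get("matching_policy", "").lower()
    if policy not in KNOWN_POLICIES:
        warnings.append(f"unrecognized matching policy {policy}")
    return warnings

# Constructed orders: a high-priced listing that pays everything to another
# address under an unknown rule, a near-zero listing, and an ordinary listing.
PHISH_ORDER = {"price_wei": 50 * WEI_PER_ETH, "matching_policy": UNKNOWN_POLICY,
               "fees": [{"recipient": OTHER, "rate_bps": 10_000}]}
CHEAP_ORDER = {"price_wei": 1, "matching_policy": STANDARD_POLICY, "fees": []}
CLEAN_ORDER = {"price_wei": 30 * WEI_PER_ETH, "matching_policy": STANDARD_POLICY,
               "fees": [{"recipient": OTHER, "rate_bps": 50}]}

if __name__ == "__main__":
    for w in review_listing(PHISH_ORDER, SIGNER, "https://airdrop-verify.example/claim"):
        print("WARNING:", w)
```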
Authorities have pursued responsible parties in some cases of large-scale fraud. For instance, last month, three British nationals were charged in connection with a $30,000 NFT-related scam dubbed “Evolved Apes” in 2021.