Scammers use UI exploit and OpenSea bug in NFT phishing attack
Bored Ape community members need to be careful after a Bored Ape Yacht Club scam became active over the weekend. Malicious actors used NFT marketplace OpenSea on Saturday, April 2nd, to carry out their phishing attack. The hack is the latest in a long line of recent high-profile scams to hit the industry. Will continued attacks start affecting platforms’ economies?
Scam patterns emerging
Scams are having their cultural moment. Go to your favorite subscription TV platform and you don’t need to look hard for an exquisitely produced biopic about a brazen, charming con artist. The Axie Infinity hack was a record-breaking example of an ultra-modern techno heist. And now we have some unscrupulous hustlers attempting to steal people’s money on the back of the recent hype around Bored Ape Yacht Club’s new metaverse Otherside.
This latest scam saw a suspicious wallet address pass itself off as the official BAYC team. They then sent fake NFT land packages to a string of influential people inside the web3 ecosystem. The phishing attempt was designed to part holders from their blockchain assets. We have received no reports yet that anything was stolen.
The really worrying part is the methods the hackers used in the deception. They exploited a suspected bug inside OpenSea’s platform. This bug provided a loophole allowing the scammers to initiate an NFT transfer from the official BAYC account, or at least make it appear that they had. The fake transaction enabled the scammers to pose as the real BAYC team and attempt to defraud their unsuspecting victims of their assets.
Here’s a screenshot of the offending account. You can see the lengths they’ve gone to to create something that looks fairly believable.
Fortunately, there are ways to identify when a con is taking place. DappRadar recently put out a helpful article explaining how to spot scam tokens. There’s also a watchful community on Twitter and helpful people in Discord servers who call out the bad actors when they see them.
Web3 opportunities and risks similar to Wild West
The Wild West we know from the movies was about adventure, freedom and opportunity. In reality, it was an unforgiving desert where most people lived without protection from malicious rustlers and violent bandits. Formal police forces had to be established to shield the population from criminal activity.
Similarly, the truth about web3 often gets lost behind the glamorous stories. The big wins and huge profits make good stories for the decentralized marketing machine. But the untold stories of thefts, scams and bereft victims are as much a part of the narrative as overnight millionaires.
Companies will develop online security solutions as NFT heists grow more complex and audacious. But as things stand, it’s important that users of decentralized platforms think twice before engaging with anyone they don’t know.
Bored Ape economy unaffected, for now
It’s too early to tell what effect the attempted theft has had on the overall BAYC economy. Looking at DappRadar’s Token Explorer, we can see the price of its native token ApeCoin is down over the past 24-hour and seven-day periods.
Similarly, if we look at the BAYC analytics page, the average sale price of a BAYC NFT went down 19.09% over the last day.
This probably has more to do with the astounding sale price of this Ape two days ago which put the average sale price up to an unrealistic height, before it dropped down to normal levels again. But if more hacks take place, attacking the same collections, it will be very interesting to see what effect it might have on the price of NFTs.
You can use DappRadar’s tools to track token prices and monitor your own blockchain asset portfolio. Similarly, you can use our rankings page to keep up to date with how dapps and NFTs are performing. Stay tuned with our blog for the latest news and follow our Twitter feed for the latest updates.