As the space is further growing, hackers need to step up their game. And, they are. They’re getting smarter about it. They’re figuring out how to emotionally manipulate holders without doing much “hacking”. The most common NFT scam might be the most emotionally triggering yet.
Common NFT Scam: We’ve Got Your Wallet
Recently, @BagHoldingNFTs on Twitter shared a chilling hack attempt. What the hackers did is reach out to him saying they had access to his wallet. They further explained that they can drain his wallet taking ALL his NFTs at “lightning speed”. What do they want in order not to do that? 7 ETH. This is around 10.9 THOUSAND US dollars.
What does this induce? Panic. A lot of people immediately get scared, transfer the 7ETH, and probably risk losing everything. However, thankfully he was smarter than that and ended up playing along.
Instead of transferring the money, he gave them “permission” to take them from his wallet. I mean, they’re inside his wallet so why not take the 7 ETH themselves? Called out their bluff.
Meanwhile, out of action, he transferred his bored ape to another wallet. They then sent him a video showing they have access to THAT wallet as well.
Out of an abundance of caution, I still transferred my Bored Ape and Ethereum to a backup wallet
The scammers then sent a video showing access to THAT account!
Pretty disturbing to see. pic.twitter.com/RObcppoF0S
— Bag Holder (@BagHoldingNFTs) February 26, 2023
Despite the threats, he still has his NFTs and wallet.
Why Didn’t They Drain His Wallet?
Well, they didn’t have access to the wallets in the first place. This is recently the most common NFT scam. They send you videos from inside your wallet but they’re not really there. Uhm… what?
They’re basically “cloning” your wallet and playing pretend. There’s a website, or multiple, that let you “clone” someone else’s wallet using their public key. Of course, I won’t share the app names not to encourage these types of scams.
But, to explain. The scammer simply takes the wallet’s public key and pastes it into the website. The website then can mimic the wallet on any website that uses “access with wallet”. Look how one person did that to the whale Franklin’s wallet.
And, here’s another one who tried the website to show how it’s done.
Need a showcase of how easy it is to pretend having control over a certain wallet on basically every web3 website?
Showcase of @Feld4014's wallet in "my control" on @opensea, @LooksRare and @Uniswap.
Stay safe frens! Trust no one.#SaferNFTs 🔒🛡
🎶ItsWatR – Ever Flowing pic.twitter.com/KW4Y6Q4Rs7
— WiiMee.eth 🛡 (@Wii_Mee) September 24, 2022
However, that’s all they have: a look-alike wallet. They don’t have access to any of your private keys, seed phrase, or password. Therefore, they can’t approve any sales or transfers.
How Does This Common NFT Scam Succeed?
Why is recently a very common NFT scam in this space? Because it works. It’s a pure play on emotions. Someone sends you a video inside your wallet. This would cause you to freak out. You may directly think okay I’ll give them anything not to lose my NFTs.
But, you have to stop and ask yourself: why do they need ETH from you if they already have your wallet? If a scammer is threatening you, he’s probably not nice. This means that if they’re able to take all your NFTs, they would without asking you.
When do they ask you for money? When they can’t get it without your help. Here calming down is key. Just like the above person did. Take a deep breath and rationalize the situation before making any moves.
Keep in mind that scammers and hackers are everywhere especially in a money-fueled space. If you’re aware of this common NFT scam, there are other wallet drainers tricks. It’s always better to stay safe than sorry. Here’s how you can secure your wallet. Take care!