The Federal Bureau of Investigation has warned against criminal actors hijacking social media accounts and impersonating legitimate people in the non-fungible token and crypto space.
This has also raised concerns about scam websites tricking victims into thinking they are using legitimate platforms in an attempt to steal their NFTs/crypto.
The warning comes as the number of victims whose funds are drained by these two types of scam methods continues to rise.
In an August 4 public service announcement, the FBI urged people to be aware of “criminal actors impersonating legitimate NFT developers in financial fraud schemes targeting active users within the NFT community.”
“Criminals gain direct access to social media accounts of NFT developers or create almost identical accounts to promote new versions of NFT. Fraudulent posts often aim to create a sense of urgency, using phrases such as “limited offer” and refer to the promotion as a “surprise” or previously unannounced mint. »
“The links provided in these ads are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project,” the FBI added.
Typically, scam websites trick people into connecting their wallets to claim or purchase NFTs, but instead are connected to a draining smart contract, resulting in loss of funds or assets from the person.
However, it should be noted that sometimes it can be more complicated than that. There are other ways people can see their funds depleted even if they don’t directly choose to connect their wallet to a dodgy website.
In an April. Thread 5 X (Twitter), user @robbyhammz declared that they mistakenly clicked on a fake Looks Rare NFT market website and did not connect their hot wallet, but still got over $300,000 worth of NFT stolen from them.
Alarmingly, the fake website was promoted to the top of Google’s search results as a paid ad, which is a long-standing issue that has yet to be resolved by Google.
just spoke with @bax1337 earlier today on how Google Ads phishing scams are getting out of hand. Surprised no one has organized a class action lawsuit against them. Have easily seen 8 figures stolen recently.
— ZachXBT (@zachxbt) August 5, 2023
There was a lot of debate in the comments about how the victim could have their NFTs cleared without connecting their wallet.
Some argued that malware allowing access or control of the victim’s PC was involved, while others suggested that the scam website may have a hidden wallet signature link. MetaMask somewhere that was accidentally clicked.
Related: Zero-transfer scammer steals $20 million USDT and gets blacklisted by Tether
On the same day, anti-scam platform Web3 Scam Sniffer tweeted that someone else had also lost $446,000 worth of Bitcoin (BTC), Ether (ETH) and Pepe ($PEPE) due to a phishing link.
Scam Sniffer pointed to the Pink Drainer address as the source of the phishing hack, while ZachXBT pointed out that it may have happened via two fake airdrop links promoted by @AvalancheApp and @QwQiao – two accounts that have been hacked in the last 24 hours.
Both of these events occurred within the last 24 hours pic.twitter.com/KV5Kaxhihf
— ZachXBT (@zachxbt) August 5, 2023
In the FBI warning, he outlined a handful of tips for people to protect themselves against these types of scams.
The FBI stressed that people should research and “check out any opportunities” like surprise NFT drops or freebies before clicking on links. He also urged people to double-check any discrepancies in website URLs or account names, to avoid falling victim to copycats.
Magazine: Deposit Risk: What Do Crypto Exchanges Really Do With Your Money?