CoinDesk reports:
In a sophisticated phishing scam on the Blur marketplace, an unfortunate user has been drained of NFTs worth hundreds of thousands of dollars.
The loss, as reported by 0xQuit on X (formerly Twitter), involves six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, each listed at one wei but effectively valued at zero.
Based on the current minimum prices for each asset, the total amounts to approximately $239,676. Wei is the smallest unit of ether on the Ethereum blockchain.
Solidity developer and auditor 0xQuit indicated in another post that the scam was orchestrated by an unknown entity exploiting loopholes in Blur’s listing system for private sales.
Despite Blur’s standard policy against private listings, the scammer managed to circumvent public accessibility requirements and manipulate the NFT’s royalty settings.
Typically, scammers lure someone into listing an NFT for free, only to swiftly purchase it themselves by paying a higher fee, leaving the victim with nothing.
0xQuit noted that to combat this, scammers are now enticing people to list NFTs at inflated prices, with all proceeds flowing to the scammer’s address.
The scammer achieves this by setting a rule that cancels any transaction unless they are attempting to buy, effectively making the transaction private.
According to 0xQuit, this strategy ensures that only the scammer completes the transaction, preventing others from intercepting low-priced listings.
Quit further elaborated that the scam involved luring victims into signing on phishing websites, often promoted through impersonator accounts on Twitter offering free minting or airdrop checkers.
Following a surge in popularity of NFT assets in late 2020 and early 2021, related scams have been a persistent issue for both the market and its users.
In rare cases, this has led authorities to pursue individuals fleeing with millions of dollars.
Last month, three UK nationals were charged for orchestrating a $3 million scam related to the “Evolved Apes” NFT series in 2021.
Requests for comment from Blur were not immediately returned.
