The Federal Bureau of Investigation (FBI) has issued a warning about criminal actors posing as legitimate Non-Fungible Token (NFT) developers to defraud active users within the NFT community.
According to the public service announcement released on August 4, 2023, these criminals either gain direct access to NFT developer social media accounts or create almost identical accounts to promote fraudulent NFT releases.
The criminals’ posts often create a sense of urgency, using phrases like “limited supply,” and refer to the promotion as a “surprise” or previously unannounced mint. The links provided in these announcements are phishing links that direct victims to spoofed websites, appearing to be legitimate extensions of particular NFT projects.
Once on the spoofed websites, victims are invited to connect their cryptocurrency wallets and purchase the NFT. Unknowingly, they connect their wallets to a “drainer smart contract,” resulting in the transfer of cryptocurrency and NFTs to wallets operated by criminals. The stolen contents are often processed through a series of cryptocurrency mixers and exchanges to hide the path and final destination of the stolen NFTs.
This warning comes at a time when it is not uncommon to hear of scams and phishing incidents related to NFTs, reflecting a broader trend of fraudulent activities in the space.
Cybersecurity analyst Serpent revealed various crypto and NFT scams active on Twitter on August 3, 2023. These include the Crypto Recovery Scam, where scammers claim to be blockchain developers and trick victims of recent large-scale hacks into paying a fee to recover stolen funds. Other strategies include the Fake Revoke.Cash Scam, using Unicode Letters to create phishing URLs, and hacking verified Twitter accounts to impersonate influential figures.
On July 6, 2023, a class-action lawsuit was filed in Canada against Boneheads, an NFT project accused of orchestrating a rug pull worth $3.1 million. The Boneheads team is facing charges of breaching contracts, misappropriating funds, and engaging in fraudulent activities.
On July 26, 2023, NFT collector JKLaub confirmed losing over $150,000 worth of crypto and NFTs in a wallet hack. The stolen NFTs included various items such as Friendship Bracelets NFTs, Gutter Dogs, Implications NFTs, and more.
The FBI has provided several tips to protect individuals from falling victim to such schemes:
1. Research if a well-known NFT project announcing a surprise opportunity has a history of doing so or has stated they will never offer surprise mints.
2. Verify the legitimacy of the social media account advertising the opportunity, checking for discrepancies in spelling, account history, screen name, followers, or creation date.
3. Ensure the authenticity of websites requesting connection to cryptocurrency wallets by looking for indicators such as misspelled web domain names, URLs with additional or unnecessary characters, or non-functional links.
4. Vet any opportunity that offers NFTs as a reward, especially if it appears too good to be true.
The FBI urges victims to report fraudulent or suspicious activities related to this scam to the FBI Internet Crime Complaint Center at www.ic3.gov, including any links, social media accounts, crypto accounts, or domains utilized in the scam, with the keyword “NFTHack.”
This warning serves as a critical reminder to the growing NFT community to exercise caution and due diligence when engaging with NFT opportunities, as the space continues to attract both innovation and criminal activity.
Image source: Shutterstock