If you actively use Twitter, and your account was suddenly mentioned in a message about giving away free NFTs – most likely, they are scammers. In this case, we’re talking about an “opportunity to get” unique tokens from a series called Azuki. Such NFT-collection does exist, but its creators did not announce about tokens’ distribution the day before. At the same time, Twitter users continue to be mentioned in a thread where a malicious fraud link is distributed. When clicking on it and after connecting a cryptocurrency wallet, the fraud victim simply loses all NFT from their address. We tell you more about the situation.
Traditionally, we’ll start with an explanation. Azuki is one of the most popular and expensive collections of NFT-tokens. As of today it’s on the fifth place among the other collections by the minimal price. This figure is 22.5 ETH or the equivalent of 71 thousand dollars.
Notably, over the past 24 hours, the minimum value of the token has fallen by 13.9 percent – the biggest collapse among the top five NFT collections.
How NFT tokens are stolen
First of all, scammers steal confirmed Twitter accounts with the appropriate blue check mark, including journalists and other media workers, and then change the profile text and avatar. This is done in order to convince the victim that the account really belongs to one of the creators of the popular Azuki project, who in addition supposedly went through the identity verification procedure. He himself had received wide publicity in the cryptocurrency community the day before, though the project was developed by Chiru Labs studio.
The scammers then send a link on Twitter promising a “secret airdrop” – that is, a free giveaway – of Beanz. These are unique tokens that were indeed given away for free, but only to owners of the original Azuki collection. To get these very Beanz they ask you to connect your cryptocurrency wallet via a link. That’s where the scammers’ trap closes – the victim simply loses all the NFT from his wallet.
By the way, these very Beanz are far from being free now: according to the NFT Price Floor platform, the minimum price of a token from the collection equals 5.11 ETH or about $16,500.
In at least two cases, the aforementioned Twitter accounts of journalists were hacked with a phishing attack via an email newsletter. To recap, phishing is a type of fraud in which an attacker obtains confidential information from a victim through deception or social engineering techniques, but not through hacking. In other words, in this case, the victim himself provides the necessary data or conducts the necessary actions to lose assets.
One journalist told Decrypt that his stolen account sent out at least 6,000 tweets, and almost half of them mentioned the accounts of potential victims of the scam to draw their attention to the malicious link.
This fraud scheme is very similar in nature to the recent ApeCoin (APE) coin giveaway incident associated with the popular NFT collection Bored Ape Yacht Club (BAYC). Recall that in March, scammers managed to steal more than a million dollars worth of NFT through a fake APE giveaway. The principle is the same – victims lost their tokens after connecting a wallet through a malicious link.
Curiously, some victims of the ApeCoin scam claimed that they did not connect their wallet to the site specified by the scammers, but lost NFT anyway. With the help of stolen verified Twitter accounts, the scammers were able to convince many users of the plausibility of the APE giveaway. Again: tokens were indeed given away, but only to owners of copies of the BAYC collection.
After a while even the Discord server of the community was attacked. This time, it was also offered to take part in the “giveaway”, but supposedly for new unique tokens. Even despite the fact that there are a lot of experienced cryptocurrency users among BAYC owners, they found their victims here.
We believe that the activation of fraudsters in the field of NFT-tokens essentially just proves once again the potential and value of this category of digital assets. Despite this, circumventing such schemes is quite easy. Ideally, you should not go to any little-known sites and do not sign transactions there from the addresses that contain valuable tokens. Even if the temptation to explore a “new project” is great, it’s better to do it with separate wallets with a small stock of coins, which in case of what you can afford to lose. And addresses with expensive NFTs are best touched only when it really comes to selling the token.