Bored Ape Yacht Club NFTs Worth $240K Stolen in Blur Marketplace Phishing Scam

• In a recent case, a user has experienced significant losses due to a phishing scam that targeted the Blur marketplace, draining the user of several high-value non-fungible tokens (NFTs).
• The incident involved the theft of six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, all of which were listed at one wei each — essentially rendering them worthless.
• According to current floor prices, the total value of the stolen assets is estimated to be approximately $239,676. Wei is the smallest denomination of ether on the Ethereum blockchain.

A user lost NFTs worth nearly $240,000 in a sophisticated scam on the Blur marketplace. Learn about the tactics used and preventative measures that can help secure your digital assets.

Sophisticated Phishing Scam Targets Blur Marketplace Users

A user recently reported a massive loss of high-value NFTs on the Blur marketplace due to an advanced phishing scam. The stolen assets include six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, all of which had been listed at one wei each by the scammer. The aggregate value of these NFTs, according to their current floor prices, approximates $239,676. The phishing attempt was orchestrated through a loophole in Blur’s listing system, which allowed the scammer to conduct private sales without public accessibility.

Exploiting Listing System Vulnerabilities

The scammer manipulated the royalty settings of the stolen NFTs, effectively nullifying Blur’s policy against private listings. Generally, if an NFT is listed at an extremely low price, automated bots rapidly purchase it, leaving the scammer empty-handed. In this case, however, the scammer circumvented this by making it possible for only their address to fulfill the transaction. By setting up rules that cancel any transactions not made by their address, the scammer ensured the listing remained private and executable solely by them.

Phishing Methods and Preventative Measures

According to 0xQuit, a Solidity developer and auditor who disclosed the scam, the phishing attack involved tricking the victim into signing a transaction on a fraudulent website. Typically, scammers lure victims by impersonating legitimate accounts and offering free mints or airdrop checkers on platforms like Twitter. Users should be cautious of unsolicited offers and verify the authenticity of links and accounts before engaging in transactions. Employing hardware wallets and enabling additional security features such as two-factor authentication (2FA) can also mitigate risks.

Increasing Trend of NFT-Related Scams

The rise of NFTs since late 2020 has also seen a corresponding increase in related scams. As these digital assets gain more value, they become lucrative targets for cybercriminals. Government authorities are beginning to take these crimes seriously; for instance, three UK nationals were recently charged with orchestrating a $3 million scam related to the “Evolved Apes” NFT collection.

Conclusion

This recent incident highlights the growing risk of scams in the NFT marketplace. Users must remain vigilant and take proactive steps to secure their digital assets. By staying informed and adopting robust security measures, individuals can better protect themselves against sophisticated phishing attacks and similar threats.