On Twitter, Josh Chavez posted a tragic story about a dangerous scam he had indeed fallen victim to. An old-style method was used by fraudsters to send an infected file as an email attachment.
Hacker scams NFT artist on Instagram. American NFT artist Josh M. Chavez reported on January 19, 2022, that scammers had stolen all of the tokens and NFTs from his MetaMask on-chain cryptocurrency wallet.
Today my MetaMask was drained and NFTs sold, all within a few minutes.
Never thought it would happen to me as I live on the internet and can spot scams a mile away, but today I forgot to double check one small detail: 🧵 pic.twitter.com/HwkIW14mTT
— ⊕ Josh Chavez (@tropicalratchet) January 19, 2023
The artist stated that he had received a direct message on Instagram from a potential client. Chavez made a mistake and overlook the information that the “customer’s account “was being mainly followed by bots. A stranger placed the order for the cover image for their upcoming song.
Chavez asked them to share details regarding the request, such as details regarding the release, budget, concept, references, and so forth. Chavez received an email containing all of these details.
The documents were sent by the fraudster, who referred to himself as “Oscar Davies,” and one of the documents was labelled as a.pdf but actually had the filename extension.exe. When opened, EXE files are designed to run computer programs.
The moment the file was opened, it was immediately connected to Chrome, the web browser that integrates MetaMask wallets. It swiftly removed tokens from MetaMask and sold every NFT on auction for a tiny fraction of their actual worth.
The NFT Sector Is Rife With Tricky Scams.
Chavez highlights how expertly the entire social engineering process was designed: despite his knowledge, he missed warning signs: I spend my days online and have developed a keen eye for scammers, but today I neglected to double-check one minor detail (…) This was a routine task that I had done complacently often with clients, so I wasn’t just in a hurry.
In the past, from Q4, 2022, to Q1, 2023, sophisticated scam campaigns targeted well-known NFT market players. The social media accounts of BAYC’s creator Greg Solano were hacked in November, and phishing URLs then started to circulate.
In the excitement surrounding the FIFA World Cup in Qatar, scammers were able to get past Twitter’s security measures and advertise a fake Binance x Cristiano Ronaldo NFT airdrop.
Scam Alert: MetaMask Warns Cryptocurrency Users Regarding “Address Poisoning”
Crypto Scams! Alert! Robocallers Are Now Attacking Your Cryptocurrency