Schoolchildren are stealing NFTs worth millions of dollars to purchase Roblox skins in a phishing frenzy.
Apparently, schoolchildren are phishing millions of NFTs for Roblox skins.
In the world of non-fungible tokens (NFTs), phishing attacks have taken a worrisome turn as school children apparently steal millions of dollars worth of NFTs to spend on coveted Roblox skins.
The Block this weekend highlighted the new and unsettling trend in a post, claiming that an increasing number of exploits using hacked Discord servers and Twitter accounts have been planned by youngsters.
The incident involved the Ethereum-based bridge protocol Orbiter Finance, and it was specifically investigated in the article. A purported journalist had contacted the Discord server admins, deceiving them into giving up control of the server.
Taking advantage of the situation, the offender released a bogus airdrop notice that led users to a phishing site intended to steal NFTs.
According to reports, the phishing assault cost almost $1 million in NFTs and cryptocurrency.
Also Read: NFT Scams: How to Protect Yourself from Them
Notably, the incident was part of a bigger wave of phishing attacks in the NFT industry rather than a single incident.
Since December 2021, at least 900 Discord servers have been the target of similar attacks, with a noticeable rise in recent weeks and months, according to data gathered by the NFT analyst known as OKHotshot.
Even when only considering the period from June 1 of this year, it is evident that the issue is getting worse: Since then, phishing scams using cryptocurrency and NFT have affected as many as 46 Discord servers, according to a tweet from OKHotshot on June 16.
Discords continue to be prime targets for crypto and nft scammers. 46 Discords have already been compromised since June 1st❗️ pic.twitter.com/S9DUV3zgaG
— OKHotshot (@NFTherder) June 15, 2023
According to The Block’s article, over 32,000 wallets have been impacted by these malicious operations in total over the past nine months, resulting in a total loss of $73 million in NFTs and tokens that were stolen.
The situation is more alarming because of the involvement of youth, with an estimated 95% of the attackers being high school kids under the age of 18, according to an anonymous security researcher by the name of Plum, who was quoted in the article.
According to him, when students have more time on their hands during the summer vacations, their involvement tends to rise.
He added that the kids’ preferred purchases with the money they received through the scam were Roblox skins, computers, phones, designer clothing, and so on.
“I know they are still in school because I have personally spoken to quite a few of them. I have seen photographs and videos of a number of them from the schools they attend. Regarding the offenders behind the most recent phishing outbreak in cryptocurrency, Plum was reported as stating, “They talk about their teachers, how they’re failing their classes, or how they need to do homework.
These youngsters make little effort to conceal their newfound wealth.
“They’ll spend a ton of money on Roblox in addition to purchasing a laptop, multiple phones, and shoes. For the most part, they are all Roblox players. Therefore, people will purchase the majority of amazing accessories for their Roblox characters, video games, skins, and other such items, stated Plum.
In addition, students frequently spend hundreds of dollars on Uber Eats, purchase designer clothing, hire individuals to do their schoolwork for them, and even purchase cars that they are not yet licensed to drive, according to Plum. In addition, they gamble.
They’ll stream their $40,000 bets to all the other hitters in a Discord call while playing an online poker game. This person’s poker game will be seen by everyone, they claimed.
According to Plum, the exploiters try to hide their tracks by paying people in lower-income countries to register on exchanges using their personal information, obscuring the trail when they cash out. But they said that if it weren’t for law enforcement’s lack of interest in finding them, at least a number of them should have been arrested by now since they leave adequate proof of their deeds.
In response to the question of why such attackers believe they can get away with their crimes, Plum posited that “they feel invincible, they have God mode — that no one can touch them.”
Although countries like North Korea participate in phishing assaults that target NFTs, Plum claimed that these nations tend to utilize their own drainers and are less likely to sell drainers. The people who develop the NFT drainers, who occasionally conduct assaults using their own technology, are a little harder to track down, but their fake identities nevertheless leave an apparent trace.