A user recently lost their valuable NFTs, worth about $240,000, in a phishing scam on the Blur marketplace.
The incident, reported by Shubham_Anzali on X (formerly Twitter), involved six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals. These were listed for just one wei each, which is almost nothing. Wei is the smallest unit of ether on the Ethereum blockchain. The total value of the lost NFTs is around $239,676 based on current prices.
According to Shubham_Anzali, a Solidity developer and auditor, the scammer used a loophole in Blur’s listing system to make private sales possible. Normally, Blur doesn’t support private listings, but the scammer found a way to change the royalty settings on the NFTs, avoiding the need for public access.
Usually, if someone lists an NFT for almost nothing, bots quickly buy it by paying higher fees, which leaves the scammer with nothing. But now, scammers trick people into listing NFTs at high prices, with the money going straight to the scammer’s address. They do this by setting a rule that cancels any transaction unless the scammer buys it, making the sale private. This stops others from buying the low-priced NFTs.
The scam involved getting the victim to sign something on a phishing website. These websites are often promoted by fake accounts on Twitter offering free mints or airdrop checks.
NFT scams have been a big problem for marketplaces and users since NFTs became popular in late 2020 and early 2021. In some cases, authorities have tracked down scammers who stole millions. For example, last month, three people in the UK were charged for a $3 million scam related to the “Evolved Apes” NFT collection from 2021.
By clicking "Accept All Cookies", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in improving your experience.