On Sunday morning, the digital artist Beeple is the latest victim in a series of NFTs phishing scams. The hacker gained access to Beeples’ Twitter account and used it to post links for phishing mints. Once a user connects their wallet to Mint, it’ll trigger the wallet to transfer all NFTs to the scammer’s wallet.
First Scam
The first incident was set up to only withdraw from the user account. Once the contract 0x7…a7d receives a certain amount in mint fees, it’ll transfer the total amount to the creator’s address 0xf…983.
We used MistTrack to generate a visual display of incoming and outgoing transactions.
As you can see, the scammer used fixedfloat to deposit the 0.47 ETH needed to create the mint contract. The scammer received 36 ETH from this incident and then deposited it into Tornadocash in multiple transactions.
Second Scam
The second scam was responsible for significantly more damage than the first. Users were tricked into sending their NFTs to this address. We used NFTScan to track down all the NFTs sent to this address.
https://www.nftscan.com/search/0xcad7fc974F61A08ADEF110D1BA446fa5b5B5Bb27
As you can see, this address received 169 NFT’s and sold 74 for close to 90 ETH( about 180k). They’re still holding onto 5 NFTs at the time of writing.
Upon closer inspection, we can see that most of the NFT’s were sent to another address to be sold. https://www.nftscan.com/search/0xd1af4373bfcbe7825c71cabbfdaff497f1cd9930
The scammer was able to sell an additional 67 NFTs for 66.4 ETH( about 135k) using this address. They’re still holding onto 11 NFTs with this address at the time of writing this article.
We then used MistTrack to track the movement of these stolen funds.
The first wallet we investigated was 0xc…b27. As you can see, once it received payment for the NFTs sold, it transferred close to 100 ETH to 0xd…aea.
We then shifted our attention to this address 0xd…aea. This address actually received additional funds from two separate accounts. One of them is from the second address used to sell the stolen NFTs(0xd…930), receiving around 60 ETH and another 29 ETH from the address 0x4…59e. The scammer then deposited 163 ETH into Tornado.cash and transferred 25 ETH into this address (0x5…43c) where it remains at this time.
In total, the scammer stole around 36 ETH from the first incident and close to 160 ETH worth of NFTs. Bringing the total loss from both scams to around 200 ETH or around 400k.
We’ll continue to monitor all addresses involved, even the mysterious address that sent 29 ETH to 0xd… aea, as well as the address that’s currently holding 25 ETH.
We strongly advise that users read the “Blockchain Dark Forest Self-Guard Handbook” in order to protect themselves from incidents like this. Immediately revoke permission if you think you’ve interacted with a malicious contract. You can use https://revoke.cash/ to revoke permissions. If your wallet has been compromised, make sure to immediately transfer your funds to another wallet. Always be vigilant, remain suspicious, and trust nothing.
About us
SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as Huobi, OKEx, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, O3Swap, etc.
SlowMist offers a variety of services that include by are not limited to security audits, threat information, bug bounties, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, Cloudflare, BitDefender, FireEye, TianJi Partners, IPIP, etc.
By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
