Hackers and scammers appear relentless in attacking the non-fungible token investors despite them facing massive losses from the recent bear market, which left their portfolios down over 80% in the past two years. In a recent attack, a non-fungible token collector has just lost digital items worth more than $200,000 to a scammer on Blur.
An NFT Investor Loses $240K In A Hack
In a July 3 blog post, Quit, an on-chain crypto sleuth, Solidity dev and auditor, confirmed that a non-fungible token collector has just lost 6 Bored Ape Yacht Club, 40 Beanz, and 3 Azuki Elementals NFT collections after bulk listing them for one wei each to a scammer on Blur.
A user just lost 6 BAYC, 40 Beanz, and 3 elementals by bulk listing them for 1 wei each to a scammer on Blur.
See my previous thread on the mechanics: https://t.co/ihWKpshaIT pic.twitter.com/3sLzMES59A
— Quit (@0xQuit) July 3, 2024
Bored Ape Yacht Club is a non-fungible token collection from the digital asset firm Yuga Labs, while Beanz and Azuki Elementals are non-fungible token collections from the digital asset firm Chiru Labs. The value of the stolen NFT collection is estimated to reach nearly $240,000.
Among the non-fungible token collections stolen include the Bored Ape Yacht Club #4008, Bored Ape Yacht Club #4144, Bored Ape Yacht Club #9141, Bored Ape Yacht Club #8179, Bored Ape Yacht Club #439 and Bored Ape Yacht Club #90. This user lost his portfolio via a private listing on the Blur NFT marketplace.
How Did This User Lose His NFTs?
Typically, Blur doesn’t offer private listings. Any listing users create is open to be fulfilled by anybody, including scammers. In most cases, if a scammer plans to phish an investor by creating a Blur listing for 0 ETH, he would immediately get front run by arb bots willing to pay most of the value of the NFT to block validators to land the purchase.
Last year, Pink Drainer learned how to hack into enabling private sales on Blur and walked away with thousands of dollars worth of digital items. In most cases, scammers have been caught phishing signatures to list items above the floor, with their own address set as the royalty recipient with 100% royalties.
Shockingly, Pink Drainer took this hacking idea further and set a royalty recipient with 100% royalties. But instead of setting that recipient to himself, he put it into a contract. That contract reverts for any transaction in which Pink is not the origin.
Even though the NFT collection is publicly listed for 0 ETH, Pink is the only one who can fulfil it. If somebody else tries, the royalty payment reverts, meaning the entire transaction reverts. This effectively makes it a private transaction. The subject user likely lost his NFTs from a similar scam trick.
Related NFT News:
PlayDoge (PLAY) – Newest ICO On BNB Chain
- 2D Virtual Doge Pet
- Play To Earn Meme Coin Fusion
- Staking & In-Game Token Rewards
- SolidProof Audited – playdoge.io
Credit: Source link