The FBI warned that the account hijackers work to “create a sense of urgency” with their posts and urged people to vet any website or potential opportunity before clicking on it.
The United States Federal Bureau of Investigation (FBI) has warned of criminal actors hijacking social media accounts and posing as legitimate people in the nonfungible token (NFT) and crypto space.
It also raised concerns over spoof websites that dupe victims into thinking they are using legitimate platforms to steal their NFTs or crypto.
The warning comes as the number of victims having their funds drained from these two types of scamming methods continues to grow.
Recent phishing link from Uniswap founder Hayden Adams’ X account by hackers. Source: X (Twitter)
In an Aug. 4 public service announcement, The FBI urged people to be aware of “criminal actors posing as legitimate NFT developers in financial fraud schemes targeting active users within the NFT community.”
“Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project,” the FBI added.
Generally, the scam websites prompt people to connect their wallets to claim or purchase NFTs but are instead connected to a drainer smart contract, resulting in a loss of a person’s funds or assets.
However, it can sometimes be more complicated than that. There are some other ways that people can have their funds drained even when not directly choosing to connect their wallet to a suspicious website.
In an Aug. 5 X (formerly Twitter) thread, user StockEd stated that they mistakenly clicked on a spoof LooksRare NFT marketplace website and didn’t connect their hot wallet but still had more than $300,000 worth of NFTs stolen.
Alarmingly, the fake website was promoted at the top of Google’s search results as a paid ad, which has been a long-running issue yet to be solved by Google.
Was just talking with @bax1337 earlier today about how Google Ads phishing scams are out of control. Surprised no one has organized a class action against them. Have easily seen 8 figures stolen from them recently.
There was much debate in the comments as to how the victim could have their NFTs drained without connecting their wallet.
Some argued that malware enabling access or control to the victim’s computer was at play, while others suggested the scam website may have had a hidden MetaMask wallet signature link somewhere that was accidentally clicked.
Scam Sniffer indicated that the Pink drainer address was behind the phishing hack, while ZachXBT highlighted that it may have happened via two fake airdrop links promoted by Avalanche and QwQiao — two accounts that were hijacked over the previous 24 hours.
These two happened in past 24 hrs pic.twitter.com/KV5Kaxhihf
In the FBI’s warning, it outlined a handful of tips for people to protect themselves from these types of scams.
The FBI emphasized that people should research and “vet any opportunity,” such as surprise NFT drops or giveaways, before clicking on links. It also urged people to double-check for any discrepancies in website URLs or account names to avoid falling victim to impersonators.
The information provided in our posts or blogs are for educational and informative purposes only. We do not guarantee the accuracy, completeness or suitability of the information. We do not provide financial or investment advice. Readers should always seek professional advice before making any financial or investment decisions based on the information provided in our content. We will not be held responsible for any losses, damages or consequences that may arise from relying on the information provided in our content.