Nfts
User Loses $240,000 in NFTs After Blur Marketplace Hack
In a shocking turn of events, a crafty scammer has made off with a treasure trove of high-value NFTs worth approximately $239,676. The unfortunate victim, known as 0xQuit on X (formerly Twitter), reported the theft which included six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, all selling for just one wei each, or practically zero.
The scam was no ordinary theft. The attacker exploited a flaw in Blur’s marketplace listing system to conduct private sales, despite Blur’s usual policies against such listings.
0xQuit, a Solidity developer and auditor, explained that the scammer manipulated the NFTs’ royalty parameters, thereby avoiding the public accessibility requirement.
Pink Drainer has learned how to hack their system to enable private sales on Blur.
Blur does not generally offer private listings. Any listing you create is open to everyone.
But lately, Pink has been buying items for 0 eth on Blur. How?
1/🧵— Quit (@0xQuit) June 1, 2023
In classic NFT scams, victims are tricked into selling their assets for next to nothing, allowing automated bots to scoop them up, leaving the scammer with empty pockets. However, the game has evolved.
Scammers are now tricking their victims into selling their NFTs at high prices, but are making sure that all profits are paid directly to the scammer’s address.
This new tactic involves setting a rule that cancels any transaction unless the scammer is actually buying, making the sale private. This prevents other buyers from intercepting these low-priced listings.
The scam took place when the victim signed something on a phishing website, usually promoted by a spoofed social media account advertising a free mint or airdrop verifier.
The incident highlights the ongoing risks in the NFT space and underscores the need for increased vigilance and security measures to protect valuable digital assets.
Read also : Indian police arrest $16 million in Max cryptocurrency trading scam