Last updated:
| 2 min read
An NFT trader lost over $145,000 worth of tokens in a BAYC phishing scam, according to May 9 data from on-chain security platform PeckShield.
PeckShield revealed that a trader known as “tatis.eth” fell victim to a phishing scam perpetrated by an attacker identified as “PinkDrainer.” The malicious entity stole three valuable BAYC NFTs – BAYC 7531, BAYC 6736, and BAYC 2100 – from the trader’s wallet.
The BAYC Phishing Scam That Led to the Loss of $145,000 Worth of NFTs
BAYC, also known as Bored Ape Yacht Club (BAYC), is a collection of 100,000 Ethereum-based collectibles. These NFTs are among the most influential and expensive ones around. They feature profile pictures of bored cartoon apes in various facial expressions and clothing.
#PeckShieldAlert ZachXBT has detected that tatis.eth has fallen victim to a phishing attack, resulting in the loss of 3 #BoredApeYachtClub NFTs, specifically #BAYC #7531, #BAYC #6736, & #BAYC #2100.
The scammer #PinkDrainer has already sold the stolen #BAYCs for a total of ~48.5… pic.twitter.com/vU0EPndvRM— PeckShieldAlert (@PeckShieldAlert) May 9, 2024
A similar report from ZachXBT revealed that the stolen NFTs were transferred to a phishing address labeled “Fake_Phishing328357” on May 8 at 5:47 PM UTC. Thereafter, the attacker sold the three NFTs for a total of 48.5 ETH, equivalent to approximately $145,000.
This is not the first time the “PinkDrainer” scammer has been involved in such atrocious activities. Cyvers Alerts, a real-time security alert platform, recently reported a similar phishing scheme where a victim’s wallet was drained of $92,800 worth of Ethereum to the same “PinkDrainer” address.
🚨ALERT🚨Our system just detected #PinkDrainer phished and address at https://t.co/WA1Jg18sbL
Victim lost $92.8K worth of $stETH.
Victim: https://t.co/NT0lpuIlPB
Scammer: https://t.co/RdUNZJ1F7W
Fund are funneled to https://t.co/hyH2yXD4Tmhttps://t.co/hyH2yXD4TmWant to keep… pic.twitter.com/1kbcI95PsK
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 9, 2024
In December 2023, the same hacker group reportedly stole Chainlink (LINK) tokens worth $4.4 million by tricking users into authorizing transactions linked to the “IncreaseAllowance” function.
In Q4 of 2023, recurrent incidents of scammers impersonating reputable platforms and protocols to obtain transaction approvals and steal digital assets from unsuspecting users were widely reported.
A notable instance was the JPEG’d NFT protocol, where the community had to come out in October 2023 about multiple fraudulent platforms imitating its offerings in an attempt to obtain transaction approvals so they could scam users of their NFTs and digital assets.
Over $104 million Has Been Lost to Crypto Phishing And NFT Scams in 2024
The crypto industry has been on the receiving end of enormous losses due to phishing attacks in the first two months of 2024.
According to Scam Sniffer data, an estimated 97,000 users have fallen victim to these sophisticated scams, resulting in a total loss of $104 million worth of cryptocurrencies. This was followed by its report that showed $46.86 million worth of crypto was stolen in February 2024.
The Ethereum ecosystem has been specifically targeted, with $78 million of the total losses coming from users’ Ether and ERC20 tokens being drained from their wallets.
Most of these funds were lost due to unsuspecting users signing malicious signatures, such as “ERC20 Permit” and “increaseAllowance,” which grant attackers unauthorized access to their assets.
Crypto News also reported in April 2024 that phishing campaigns were targeting users of Etherscan, with several advertisements being used for malicious operations.
Scam Sniffer’s analysis revealed that cybercriminals have been leveraging social media platforms, particularly X (formerly Twitter), to lure unsuspecting victims to phishing sites.
These hackers post deceptive comments under the X posts of targeted accounts in a way that impersonates their customer representatives and directs users to malicious websites where their assets are compromised.
While the losses in the first two months of 2024 are concerning, they represent only a fraction of the $300 million in total funds lost by users to crypto phishing attacks throughout 2023.
Read the full article here