Losing 250 ETH Worth of NFTs! Bored Ape Collector Accuses MetaMask of Poor Design Leading to Theft


"I was 'scammed, manipulated by the community, hacked' on Discord and OpenSea, losing three Bored Ape, four 0n1 Force, and three World of Women NFTs," Sohrob Farudi, the founder of the American football game Fan Controlled Football (FCF), wrote despairingly on Twitter.

Farudi claims to have lost approximately 250 ETH worth of NFTs simply because he was misled into exposing the QR code of his MetaMask Google browser extension.

NFT Scam: Trouble Caused by MetaMask

"We hope that MetaMask can change this terrible QR Code feature because it is completely unnecessary and a clear vulnerability," Farudi stated.

"It all started when I bought BAKC #648..."

Note: BAKC, Bored Ape Kennel Club, is a pet NFT that owners of a Bored Ape can acquire.

Receiving a Private Message, Letting Guard Down

He said he had run into problems listing an NFT on OpenSea, so he went to the support channel of the Bored Ape Yacht Club (BAYC) Discord, where members Gargamel and NoSass were present.

He received a private message from NoSass, which included a link to another group. Without much thought, he found himself working on a user issue with four other people simultaneously, and he did not become suspicious. The individuals began asking various questions to divert Farudi's attention.

Farudi mentioned that he had completely let his guard down at that point, thinking this was part of the privileges of being in BAYC. He was asked to share his screen in an attempt to resolve the issue.

The "helpers" mentioned that due to recent updates, MetaMask might be causing problems. They advised Farudi to resynchronize the mobile and web plugin versions of MetaMask. Unfamiliar with these operations, he followed the guidance of the "helpers," entering the advanced settings page, pressing the sync button on his phone, and so on.

After he pressed that button, MetaMask displayed a warning stating that a confidential QR code would appear, that it grants access to his account, and that it must not be shared with anyone. Although Farudi believed that no helper would ask you to do this, he thought these people were the "founders" of BAYC, so he overlooked these warnings...

Blaming MetaMask for Poor Design

In the end, Farudi believed that MetaMask messed everything up. After the warning mentioned earlier appeared, the next screen directly displayed the QR code with the message: "No one can see this QR Code when you scan it." He felt that MetaMask should not have displayed the QR code so quickly, and that the warning was not clear enough.

Assistance from OpenSea

After the NFT was stolen, he mentioned that OpenSea promptly froze the auction of the stolen NFT, but there were still some community friends who ended up with the stolen goods.

Turns Out It Was an Impersonation Scam

Farudi finally discovered that the "founders" who contacted him in the BAYC Discord support channel were all impostors running a scam.

He mentioned the need to raise awareness about the vulnerabilities in Discord communities. He also learned his lesson and aimed to become stronger in the world of the metaverse.