New Type of Scam on OpenSea! Airdrop of unknown NFTs, followed by high bids to lure victims to phishing websites
If you find an unknown NFT airdrop in your wallet and someone offers to buy it at a high price, do not rush to accept it out of greed. This could be a new type of NFT scam currently circulating in the market!
Table of Contents
OpenSea Approves Transaction Mechanism
🧵Exploring the latest NFT scam 🧵
"I got an NFT airdrop from an unknown collection into my wallet with a 1 WETH offer. What's going on? Is it safe to accept?" pic.twitter.com/0ZEVLWVzp7
— foobar (@0xfoobar) May 30, 2022
NFT developer foobar analyzed a new type of scam encountered on Twitter today, explaining the transaction approval process of OpenSea. Generally, after approving a transaction, OpenSea is authorized through an external contract to use the token contract, allowing the transfer of users' NFT and WETH to complete the transaction.
You can check the authorization on websites like Revoke or Debank. The images below show that after the transaction is approved, OpenSea gains access to the tokens and NFTs.
In this scenario, if the authorized secondary market is malicious, they can easily steal users' assets. However, if the market's security is confirmed, even if the traded NFTs or tokens are not secure, there is no risk of loss as there is no direct interaction with the token or NFT contract.
Beware of Strange Airdrops!
The scam discussed in this article involves unknown airdrops that entice users to sell at high prices. Where are the traps set that lead to users' asset losses?
According to foobar, when users approve the contract to accept the offer, the offer is withdrawn, and an error message is received. The error message contains a URL that, when clicked, leads users to sign a malicious transaction, potentially resulting in asset theft if signed inadvertently.
These NFTs are proxy contracts that can be applied to other NFTs with the same logic.
The address collected a significant amount of ETH from 260 different addresses. These 260 addresses all created an NFT, which is the aforementioned proxy contract, to masquerade as a unique NFT collection to deceive users.
OpenSea Issues a Warning
「一贫如洗的我的钱包也差点被scam」:
早上OS钱包突然多了一个不知名的NFT, 然后还有一个相当诱惑的offer, 就没多想点了 accept, 没想到被OS提示说这个合约实现的有些可疑,就中断了授权。 pic.twitter.com/IIBdEO2jmy— ranlix.eth (@web3ranlix) May 29, 2022
Another Twitter user, ranlix.eth, provided an explanation for this phenomenon, stating that OpenSea immediately issued a warning when accepting the offer, indicating potential issues with the token contract.
In conclusion, when encountering similar situations, do not easily authorize contracts, as greed can lead to unexpected losses.
Related
- FTX to hold a large auction! Will sell all WLD tokens at up to 75% off.
- Interpol issues red notice for "Coin Young" Wong Ching-kit, a swimming coach turned cryptocurrency scammer, who promoted JPEX.
- Former chairman and lawyer of Jianyi Law Firm, Wang Chenhuan, suspected of aiding fraud and money laundering, has had his bail increased to 8 million and his freedom restricted.