{"id":340283,"date":"2024-07-03T20:46:44","date_gmt":"2024-07-03T19:46:44","guid":{"rendered":"https:\/\/coinfomania.com\/?p=340283"},"modified":"2024-07-03T20:46:48","modified_gmt":"2024-07-03T19:46:48","slug":"phishing-scam-on-blur-marketplace-costs-user-almost-240000-in-nfts","status":"publish","type":"post","link":"https:\/\/coinfomania.com\/phishing-scam-on-blur-marketplace-costs-user-almost-240000-in-nfts\/","title":{"rendered":"Phishing Scam on Blur Marketplace Costs User Almost $240,000 in NFTs"},"content":{"rendered":"\n<p>It&#8217;s no secret that the cryptocurrency space can be risky, especially regarding the security of non-fungible tokens (NFTs). Recently, a user on the Blur Marketplace fell victim to a phishing scam and lost approximately $239,676, a source on X (formerly Twitter) revealed.&nbsp;<\/p>\n\n\n\n<p>The details are below, as reported by the source.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">A user just lost 6 BAYC, 40 Beanz, and 3 elementals by bulk listing them for 1 wei each to a scammer on Blur.<br><br>See my previous thread on the mechanics: <a href=\"https:\/\/t.co\/ihWKpshaIT\">https:\/\/t.co\/ihWKpshaIT<\/a> <a href=\"https:\/\/t.co\/3sLzMES59A\">pic.twitter.com\/3sLzMES59A<\/a><\/p>&mdash; Quit (@0xQuit) <a href=\"https:\/\/twitter.com\/0xQuit\/status\/1808310280906330607?ref_src=twsrc%5Etfw\">July 3, 2024<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-phishing-scam\">The Phishing Scam<\/h2>\n\n\n\n<p>According to reports, the heist targeted six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals, which were swiped from the user&#8217;s digital wallet and listed for one $WEI each on the marketplace. 
Because wei is the smallest denomination of ether, the currency of the Ethereum blockchain, the listing price was essentially zero.<\/p>\n\n\n\n<p>The scam was a sophisticated maneuver that exploited a loophole in Blur&#8217;s listing system.&nbsp;<\/p>\n\n\n\n<p>The scammer altered the copyright settings of high-value NFTs on Blur, diverting all proceeds to their address. By leveraging a rule that canceled existing transactions, the scammer kept the illicit activity masked.<\/p>\n\n\n\n<p>The breach involved listing NFTs without the owner\u2019s knowledge, effectively bypassing the platform\u2019s safeguards.<\/p>\n\n\n\n<p>Essentially, the scammer tweaked the royalty settings of the NFTs, effectively sidestepping the platform&#8217;s policy against private listings. This allowed them to set up a private sale, ensuring that only their address could complete the transaction.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Pink drainer has learned how to hack his way into enabling private sales on Blur.<br><br>Normally, Blur doesn&#39;t offer private listings. Any listing you create is open to be fulfilled by anybody.<br><br>But lately, Pink has been buying items for 0 eth on Blur. How?<br>1\/\ud83e\uddf5<\/p>&mdash; Quit (@0xQuit) <a href=\"https:\/\/twitter.com\/0xQuit\/status\/1664373487165923328?ref_src=twsrc%5Etfw\">June 1, 2023<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>0xQuit, a Solidity developer and auditor, shared this report, shedding light on the probable tactics used by the scammer. It appears the scam was set up as a bait-and-switch, luring the user in with the promise of a free NFT mint or airdrop event advertised on social platforms. 
Once the user engaged, they were deceived into signing off on a transaction on a fraudulent website.<\/p>\n\n\n\n<p>You&#8217;ll recall that <a href=\"https:\/\/coinfomania.com\/crypto-scam-over-145k-lost-in-new-bored-ape-nft-phishing-attack\/\">Coinfomania had reported a similar phishing scam<\/a> earlier in May, where a scammer (PinkDrainer) \u2018drained\u2019 the user (tatis.eth) of three BoredApeYachtClub NFTs worth around $145,000.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> ZachXBT has detected that tatis.eth has fallen victim to a phishing attack, resulting in the loss of 3 <a href=\"https:\/\/twitter.com\/hashtag\/BoredApeYachtClub?src=hash&amp;ref_src=twsrc%5Etfw\">#BoredApeYachtClub<\/a> NFTs, specifically <a href=\"https:\/\/twitter.com\/hashtag\/BAYC?src=hash&amp;ref_src=twsrc%5Etfw\">#BAYC<\/a> #7531, <a href=\"https:\/\/twitter.com\/hashtag\/BAYC?src=hash&amp;ref_src=twsrc%5Etfw\">#BAYC<\/a> #6736, &amp; <a href=\"https:\/\/twitter.com\/hashtag\/BAYC?src=hash&amp;ref_src=twsrc%5Etfw\">#BAYC<\/a> #2100. 
<br>The scammer <a href=\"https:\/\/twitter.com\/hashtag\/PinkDrainer?src=hash&amp;ref_src=twsrc%5Etfw\">#PinkDrainer<\/a> has already sold the stolen <a href=\"https:\/\/twitter.com\/hashtag\/BAYCs?src=hash&amp;ref_src=twsrc%5Etfw\">#BAYCs<\/a> for a total of ~48.5\u2026 <a href=\"https:\/\/t.co\/vU0EPndvRM\">pic.twitter.com\/vU0EPndvRM<\/a><\/p>&mdash; PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1788463174041366692?ref_src=twsrc%5Etfw\">May 9, 2024<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-keeping-your-funds-safe-and-hot-wallets-protected\">Keeping Your Funds Safe and Hot Wallets Protected<\/h2>\n\n\n\n<p>In the wake of this incident, users are urged to be vigilant when trading or storing digital assets. Basic precautions such as double-checking URLs, being wary of unsolicited communications, and keeping private keys secure can go a long way in preventing such unfortunate incidents.<\/p>\n\n\n\n<p>As the saying goes, \u201cBetter safe than sorry.\u201d In the unpredictable world of trading cryptocurrencies, these words are especially relevant.<\/p>\n\n\n\n<p>Here are some crucial tips to remember:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Double-check website URLs:<\/strong> Scrutinize every link before clicking. Malicious actors often create websites with URLs that closely resemble legitimate platforms. A single typo could lead you to a perilous phishing site.<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Beware of unsolicited messages:<\/strong> Never click links or download attachments from unknown senders. 
Phishing scams can also occur through <a href=\"https:\/\/coinfomania.com\/u-s-authorities-warns-the-general-public-against-crypto-scammers-impersonating-government-officials\/\">social media<\/a> and <a href=\"https:\/\/coinfomania.com\/coingecko-breach-beware-phishing-emails-targeting-your-crypto\/\">email<\/a>.<\/li>\n\n\n\n<li><strong>Prioritize wallet security:<\/strong> Utilize strong passwords and enable two-factor authentication (2FA) whenever possible. Refrain from sharing your private keys with anyone.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s no secret that the cryptocurrency space can be risky, especially regarding the security of non-fungible tokens (NFTs). Recently, a [&hellip;]<\/p>\n","protected":false},"author":69,"featured_media":340287,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[245,5],"tags":[11,1382,128,384],"ppma_author":[2366],"class_list":["post-340283","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scam-alert","category-crypto-news","tag-crypto-news","tag-nfts","tag-regulation","tag-scam-alert"],"acf":[],"authors":[{"term_id":2366,"user_id":69,"is_guest":0,"slug":"ayanfe","display_name":"Ayanfe Fakunle","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/93a3a58ce298159a3ebee896ecd6a734?s=96&r=g","first_name":"Ayanfe","twitter":"","instagram":"","linkedin":"https:\/\/www.linkedin.com\/in\/ayanfe","user_url":"","last_name":"Fakunle","facebook":"","description":"Ayanfe Fakunle is an expert content writer, journalist, and editor at the intersection of crypto, finance, and web3. 
His mission is to make crypto accessible, engaging, and exciting for everyone."}],"_links":{"self":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts\/340283"}],"collection":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/users\/69"}],"replies":[{"embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/comments?post=340283"}],"version-history":[{"count":1,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts\/340283\/revisions"}],"predecessor-version":[{"id":340302,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts\/340283\/revisions\/340302"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/media\/340287"}],"wp:attachment":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/media?parent=340283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/categories?post=340283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/tags?post=340283"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/ppma_author?post=340283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}