By - The user swindled out of $240,000 worth of NFTs on Blur
- Six Bored Ape Yacht Club NFTs, 40 Beanz, and 3 Elementals lost
- Phishing scam took advantage of a loophole in Blur’s listing system.
- The scammer changed royalty settings for private sales
A user has fallen victim to a phishing scam on the Blur marketplace that drained them of approximately $240,000 worth of non-fungible tokens (NFTs).
The six Bored Ape Yacht Club NFTs, 40 Beanz, and three Elementals were lost after the individual listed their assets for next to nothing following a deception. It is another example of how complex phishing schemes are targeting the NFT community.
A User Just Lost $240,000 in NFTs on the Blur Marketplace ⤵️ https://t.co/D6ZPuJXwwA
— Cryptribune (@cryptribune) July 3, 2024
Abusing The Blur Marketplace
The fraud was brought to light by Solidity developer and auditor 0xQuit on X (formerly Twitter). According to them, the attacker exploited a gap in Blur’s listing system which allows private sales.
This means that the scammer could manipulate the royalty settings of those NFTs without fulfilling public accessibility requirements from Blur’s end.
In an attempt to receive money for each transaction made through his manipulated account address, the scammer set up a rule that canceled any such unless they were themselves buyers.
By making all purchases “private”, he had no competition as automated bots designed specifically for this purpose never had an opportunity to intervene because automated bots typically buy under-priced NFT.
How The Scam Worked?
Normally if someone were tricked into listing an NFT for some minimal price there were situations when bots would spot it and immediately purchase it leaving scammers with no gains.
However new approach used by them consists of cheating users into putting their NFTs up at higher prices than usually expected which results in that moment when everything is listed all proceeds go to the scammer’s address.
The mechanism of the trick was such that the scammer used wei, the smallest unit of ether, for listing these NFTs. The total value based on its current floor price amounts to approximately $239676. Thus showing how much financial damage it caused to the victim.
Prevention and Awareness
This incident calls for greater caution as well as improved security measures among traders dealing with NFTs. Users should cross-check transaction information and be suspicious of unfamiliar requests related to asset listing.
Security protocols employed by platforms like Blur need constant upgrading to forestall such kinds of fraudulent activities from taking place within their systems.
Sophisticated cybercriminals are also attracted by the highly lucrative nature displayed by the NFT market. As this sector advances so do strategies adopted by those intending on benefiting through illegal means.
It therefore becomes imperative for both service providers and clients alike not only to keep themselves abreast but also proactive enough to protect their investments.
