Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label NFT. Show all posts
The Simpsons
Bitcoin Bored Ape NFT cryptocurrency NFT NFT Market Technology The Simpsons

What is up with the NFTs?


In the latest episode of the infamous The Simpsons, the hapless father Homer turns himself and later his son Bart into an NFT, in an attempt to gain millions.

However, things take a different turn when he finds out (from a pizza cat), that the NFT ‘craze’ is over. 

This episode is gaining wide recognition from the NFT fans and sceptics for the Simpsons makers for creating a parody related to the crypto industry and how it peaked a few years ago but has since quieted down. 

Are NFTs Really Dead? 

According to an analysis of the issue, the famous Non-Fungible Token market witnessed its biggest low recently, with October being labelled as a “Floptober.”

According to researchers at Dapp Radar, the NFT value has hit its lowest since the NFT market peaked. 

The overall amount of money sold in the sector, or trading volume, has decreased by 89% since the start of 2022.

It was $12.6 billion (£10.4 billion) in the first quarter of 2022, and as of the third quarter of 2023, it is only $1.39 billion.

Additionally, the sector is shrinking. The makers of the infamous Bored Ape NFTs, Yuga Labs, revealed an undisclosed number of layoffs last month.

Among its most well-known series is Bored Ape Yacht Club. Millions of dollars were once paid for NFTs, which were driven by wealthy customers such as talk show presenter Jimmy Fallon and media sensation Paris Hilton.

Since October 2022, Paris Hilton has not posted on X (formerly Twitter) about the NFTs, despite the fact she has posted almost daily from January and February 2022 to promote her collections. 

The value of the cheapest NFT in the collection, Bored Ape NFTs, peaked in the beginning of May 2022 and cost approximately $268,000 (144 Ethereum tokens), according to the NFT Price Floor website. It is now only $56,000.

Due to increasingly poor bids, US collector and artist Taylor Whitley was compelled to sell six of his seven highly valued Bored Ape NFTs.

"I haven't really wanted to sell, but the market is really bad, so it's the smart thing for me to do. I think the NFT market could even go lower," states Taylor in a talk with BBC.

Taylor rejected many better offers for his most prized Bored Ape in the past, but last month he sold it for $212,000 dollars.

If he had sold at the peak, he could have received at least ten times more for his NFTs. Even though it hurt, he was an early investment and still made huge gains. He made 1,000 times more money on his most recent transaction than on his original $200 investment.

For every Bored Ape NFT, there are several other smaller brands and artists that are aiding the NFT industry.

Angie Taylor, a Scottish artist, used to receive up to $8,000 for every NFT piece, but these days she only makes about $600.

She was forced to return to her part-time tutoring work before to NFT.

She says, "I'm still selling bits and pieces here and there, but I am having to do a day job as well. I can't make a living off this anymore with nothing else."

However, she was aware that the bubble would eventually burst. 

"I kind of budgeted for this to happen, because I thought, this is a boom and bust type of situation," she says.

Obviously, this is a buyers' market, and many contented purchasers are taking advantage of the slump.

Recently, Adam, also known online as Little Fish, made $663,000 for his crypto-punk artwork NFT.

Although the European full-time cryptocurrency investor recognizes that the sum is substantial, he believes he received a good deal on his CryptoPunk #36009./ After all, its seller turned down a $1.18 million offer a year ago.

"The downturn is exactly why I bought it. People are desperate. In the winter time you can buy summer clothes for cheap," he says.

Adam further says that he believes that summer will come again for NFTs, and he will “enjoy it,” whenever it does.  

Read more »
Web
cryptocurrency Cyberattacks CyberCrime Cybersecurity Digital Espionage NFT Technology Web

Digital Espionage: German Intelligence Agency's NFT Collection Sets New Recruitment Standards

 




Using non-fungible tokens (NFTs), the German Federal Intelligence Service Bundesnachrichtendienst (BND) has begun attracting cyber and blockchain talent. To help recruit qualified employees, the BND has posted nearly 1,000 NFTs with a dog motif on the Ethereum blockchain alongside an on-chain treasure hunt. 

With the rise in interest in cryptocurrency and blockchain technology in recent years, this move represents a strategic effort on the part of the company. This is to attract the most skilled cybersecurity talent available. A dog-themed collection from BND, the "Dogs of BND" collection, is a collection of traditional NFTs showing a variety of canine characters with unique personalities. Among the 999 pieces in the collection, 987 of the NFTs can be minted by individuals who succeed in the treasure hunt and are successful in collecting the coins. 

A string of hidden characters embedded by the German Defense Agency (BND) must be unraveled by prospective participants who are 13 years or older and German citizens. Research and tracking are required to identify this string, which can be a wallet address, transaction hash, block, or token number. This will uncover valuable clues that will enable the holder of the NFT collection to obtain access to the collection. 

According to the agency's website, each NFT was initially offered at a symbolic floor price of 0.000001 ETH (Ethereum) and has the opportunity to be acquired until all 987 pieces have been minted, which ensures that everyone can access the NFT program, regardless of their financial situation.  

On OpenSea, the floor price for NFTs has risen from 0.012 ETH to 0.05 ETH at the time of this report. This indicates a large spike in price. Digital tokens represent a specific agent and each token includes details about the specific skill sets the Bureau of National Statistics is seeking from the candidate. 

The collection consists of 999 generative avatar images depicting dogs of varying characteristics who are inspired by the agency's Pullach branch service dogs, Inka and Alex. PFP has many standard characteristics, including background colors, clothing, eye-gear, headgear, and hairstyles, among several others.

Even though the collection has been fully minted on the Ethereum blockchain, users will be able to acquire the pieces within it. This is done by taking part in a cryptographic treasure hunt that requires their participation. Cybersecurity is a field in which problem-solving skills are crucial. Therefore, this program aims to stimulate those skills in students.

The BND's website states that the NFTs are only able to be collected by locating a special character string that is placed on Instagram and then searching through it. An Ethereum address can be represented by this character string. An individual with this knowledge would be qualified to mint an NFT to locate the collection and obtain the collection. 

There have been accusations of misleading statements about exchange assets made by the Securities and Exchange Commission (SEC), Binance, Binance.US, and the company's CEO Changpeng Zhao against the US Securities and Exchange Commission (SEC). According to their filing in court on June 21, 2023, the SEC made misleading statements in a news release published on June 17. This led to the following lawsuit. According to them, it is their responsibility to adhere to the rules of conduct. 

CZ and Binance are alleged to have been able to commingle or divert customer assets between each other because of the motion filed in response to the SEC's claim. According to a transcript of the court proceedings, there was contradictory evidence to support this claim. There was no evidence of misappropriation or dissipation of customer assets in the filing that was submitted by Binance Holdings Limited, Zhao, and Binance's legal teams. 

A second concern was raised in the statement, which was that the SEC's press release might confuse the market and harm Binance.US customers by presenting misleading descriptions of the evidence and potentially influencing the jury pool as well. 

Guests of the German agency's website can find details of the collection on its website. Those hunters are supposed to find a string of characters (in this case, an address of a wallet, the hash of a transaction, the block or token number) hidden as a clue by the agency. The user has access to all the coins in the collection as soon as they find the correct data. 

It is estimated that it would cost less than a cent to mint NFTs (excluding gas fees), yet the floor price of the collection on OpenSea, the secondary market, is currently 0.045 Ethereum, or about $82. The collection contains 999 NFTs, but only 987 NFTs can be minted by players throughout this year. Upon the creation of all 987 tokens, the treasure hunt will be over and the hunt will have come to an end. 

There is a treasure hunt taking place spearheaded by the German cryptocurrency publication, BTC Echo. This treasure hunt is designed to identify young talent fluent in blockchain technology to combat cybercrime.

In addition to the Facebook post, it is also tapping its Instagram following to advertise NFTs, hoping to attract the attention of social media-savvy consumers. 

What Constitutes a Sensible Recruiting Strategy for Web3? 

Increasing the reach of BND's talent acquisition initiative goes beyond just targeting young professionals fluent in these areas as well. The intelligence agency also uses social media platforms to interact with followers and recruit recruits. 

As reported by BTC Echo, a German cryptocurrency publication, the move indicates the company's commitment to adjusting to the evolving digital landscape and ensuring that it complies with the requirements of cybersecurity. The BND told the outlet: "An NFT collection was an obvious new offering for our Instagram community[...] a lot of consideration is given to blockchain technology, the associated cryptocurrencies, and the use of non-fungible tokens in various areas within the BND."  

There is no doubt that in this day and age of increasing cyber threats, it is imperative to recruit competent and experienced individuals to counter such attacks. It is precisely for this reason that federal law enforcement agencies in the U.S. have recently stepped up efforts to establish a task force investigating darknet markets and crimes related to digital currencies. 

As a result of its unique recruitment strategy, BND appears to be seeking to become more than just a criminal law enforcement organization. Instead, it wants to become a company engaged in the pursuit of a forward-thinking workforce that is capable of taking on the new challenges in the digital world of the future. This initiative has served as proof that, despite the overwhelming tide of technological change that sweeps the globe, even intelligence agencies aren't immune to the effects of such a sweeping tide, irrespective of the region in which they operate.
Read more »
UK
Crypto Cyber Security Cyberattacks CyberCrime Gambcare NFT UK

"New Crypto Ad Rules: Mandatory 24-Hour Cooling-Off Period Introduced"

 


British consumers who purchase crypto assets from October 1st will be entitled to a mandatory 24-hour "cooling-off" period, to strengthen consumer protections. As a consequence, consumers will have a better chance of avoiding cryptocurrency scams. 

Reuters reports that the Financial Conduct Authority (FCA) has imposed updated marketing rules based on concerns raised regarding the lack of direct regulation of crypto assets such as bitcoin on a global scale, as a result of concerns raised about the lack of direct regulation. 

There will be a delay in the process of completing the transaction for new investors. Up to ten out of every ten adults in the UK own at least one form of cryptocurrency, according to government estimates. 

There could be serious consequences for owners of companies who fail to comply with the regulation, such as jail time, fines, or both. 

Specifically, the FCA's updated guidelines will eliminate "refer a friend" bonuses for crypto buyers, as well as require promoters to provide clear risk warnings and ensure that advertisements related to crypto assets are transparent, fair, and cannot mislead prospective buyers. 

The FCA worked on similar regulations last year to address advertising for high-risk investments in traditional finance. These regulations have been implemented as a result of those regulations. In the coming years, the US government plans on passing an updated financial services law that will regulate crypto assets. This is aligned with Britain's plans to regulate crypto assets by 2020. 

The rules, which are expected to take effect on 8 October, will apply to crypto assets, including digital currencies such as bitcoins. These assets have the qualities of being transferrable and fungible.  

It follows that the updated advertising guidelines will not cover the purchase of non-fungible tokens (NFTs), with the only exception being that they will be forbidden by the updated guidelines from being offered as incentives for crypto investments. 

A parliament committee reported last month that the characteristics of cryptocurrencies are "more closely related to those of gambling than the characteristics of financial services". In the past two years, GambCare, an organization that offers help people who are struggling with investing in cryptocurrency and other forms of online financial markets, has received more than 300 calls from people who need assistance. 

Following the passage of legislation by the government to give it authority over how digital assets are advertised, the Financial Conduct Authority is bringing these changes into effect. 

All crypto companies operating in the UK will be subject to the new rules and regulations. Those who break the rules will be subjected to a range of actions by the FCA, including removing them from their websites if they persist. 

Sheldon Mills, who is the executive director of the Consumers and Competition Bureau, said that its research revealed that “many people regret making a hasty decision.”

Due to the increasing complexity of the cryptocurrency landscape, introducing mandatory 24-hour cooling-off periods in cryptocurrency advertisements is a significant step towards protecting consumers and promoting responsible investment practices to keep them safe and secure. With the updated ad rules, potential investors are given more time for thoughtful consideration and research, therefore reducing the risk of impulsive decisions and assisting them to make more informed decisions. 

There is a need to reaffirm the commitment of regulators to striking a balance between fostering innovation and protecting the interests of individuals and organizations when it comes to regulating the exciting world of cryptocurrencies while monitoring the effectiveness of these measures.   
Read more »
XS-Leak
Cloud Misconfiguration NFT Open Sea Phishing Attack User Privacy Vulnerabilties and Exploits XS-Leak

OpenSea NFT Market Users' Identities Were Exposed via a Bug

In 2022, OpenSea had more than 1 million members who had registered and more than 121 million people visited the website each month. Because of this, OpenSea is not only the biggest NFT market but also a highly attractive target for cybercriminals. Any platform flaw could present a chance for criminal activity and result in catastrophe for gullible consumers.

The cross-site search vulnerability, which a hacker can use to gain user identities, was made possible by a misconfiguration.

According to the report, OpenSea has subsequently issued a patch to address the problem. In order to reduce the possibility of additional exploitation, the patch limits cross-origin communication. The vulnerability no longer exists, according to the cyber security company's analysis of the remedy.

Web applications which use query-based search systems are vulnerable to cross-site search. By submitting queries and looking for variations in the search system's behavior when it returns or doesn't, it enables an attacker to retrieve sensitive data from another origin.

After confirming that the fundamental exploit strategies were effective, researchers started looking at OpenSea's search feature. ElasticSearch was referenced by the company in one of their job listings, therefore this is probably the engine they utilize for their search function. 

With the help of ElasticSearch, you can swiftly search through and analyze huge amounts of data. ElasticSearch's capacity to normalize language via language-specific analyzers and stemmers is one of its important features.

The $13.3 billion market's use of the incorrectly configured iFrame-resizer library is the root of the problem. Cross-site search vulnerability occurs when this library is used in environments where cross-origin communication is unrestricted. This problem resulted from OpenSea's lack of restrictions.

Misconfiguration permits the existence of this bug and user identity exposure. Given that the NFT ecosystem is solely predicated on anonymity, this kind of weakness might have major financial repercussions for OpenSea because, if exploited, the attacker could conduct phishing assaults. They could also keep tabs on those who made the most expensive NFT purchases.

Immediately after the vulnerability was made public, OpenSea patched it by limiting cross-origin communication. This reduced the vulnerability's potential for further exploitation. In order to stop the exploitation of these platforms, it is crucial to be constantly on the lookout for inherent faults and vulnerabilities.


Read more »
Suspected Hackers
Crypto Scam Cyber Crime Cybersecurity NFT NFTs Suspected Hackers

Five Suspects Charged for $2.5 million Worth NFTs Theft, Targeting Bored Ape NFT Owners

 

On Wednesday, October 12, five crypto scammers in France faced allegations of collaborating in a phishing scam and were consequently charged. Allegedly, the suspects have audaciously acquired and resold $2.5 million worth of blue chip non-fungible tokens (NFTs). The phishing scam prominently targeted Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) owners. 
 
As per the prosecution, the alleged suspects leveraged a phishing scam in order to steal the assets, enticing victims through a fake website, while promising to animate their NFTs, reports Agence France Presse (AFP) in a post by Barrons. 
 
The charged suspects aged between 18 and 24, are residents of Paris, Caen, and Tours. Two of the five scammers are charged with manufacturing the fraudulent phishing site that enabled the theft. The rest three were accused of taking charge of advertising and money laundering aspects of the phishing, says deputy chief of France’s cyber-crime authority, Christopher Durand. 
 
The prosecution charges included “fraud committed as a part of criminal gang, concealing fraud and criminal association.” The subjects have been placed in pre-trial detention by the French authorities, along with their parents. The parents of one of the accused have also been arrested, but later they were released without charge. 
 
The deputy chief says that the probe was initially started as a result of an investigation by well-known Twitter user “ZachXBT" ZachXBT, describing himself as an “on-chain sleuth" in a blog post mentioned how the Twitter user “Dilly Dilly" had clicked on a link shared by “a verified member of the BAYC Discord" and consequently had his BAYC NFT stolen after approving a transaction on website that “he was lead to believe would produce an animated version” of his NFT.  
 
ZachXBT claims that after selling the stolen tokens on the NFT marketplace Opensea, the accused tried to hide the tracks by using the now-sanctioned Tornado Cash protocol. 
 
A report by blockchain analytics firm Elliptic suggests that over $100 million worth of NFTs being stolen between July 2021 and July 2022. Along with these recent incidents, NFT fraud seems to be rapidly booming in general and thus has sparked security concerns.  
 
This news sees the light of day when the firm behind the Bored Ape collection, Yuga Labs is under investigation for its business practices. Although the organization has not yet been charged with any misconduct, the Securities and Exchange Commission (SEC) is now investigating the start-up, to check if the anonymous sources reported by Bloomberg are true.
Read more »
NFT
Blockchain Security CoinDesk Crypto Cyber Attacks Discord Ethereum Meta NFT

NFTs Worth 200 Ether Were Stolen From the Bored Ape Yacht Club 

 

Yuga Lab's Bored Ape Yacht Club or Otherside Metaverse Discord services were hacked to publish a phishing scheme, hackers allegedly took approximately $257,000 in Ethereum and 32 NFTs. A Yuga Labs community manager's Discord account was allegedly hacked on June 4 and used to spread a phishing scam on the firm's Discord servers. 

According to Coindesk, the attacker hacked Boris Vagner's Discord account, put many phishing links on the account, its related metaverse account 'Otherside,' and the NFT fantasy football team Spoiled Banana Society's (SPS) Discord account. As of 8.50 a.m., the worldwide crypto market capitalization had increased by 3.43 percent to $1.27 trillion. According to Coinmarketcap data, worldwide crypto volume increased by 18.04 percent to $51.24 billion. 

The phishing communications, which claimed to be from Vagner, advertised an exclusive prize and stated that only BAYC, Mutant Ape Yacht Club, and Otherside NFTS holders were eligible. The owners were then directed to a phishing site, where they were requested to input the login information. The attackers then took all Ethereum and NFTS contained in the account's associated wallet after receiving the login credentials. Yuga Labs finally regained login to the Discord server, but not before significant harm had been done. 

The seized NFTS were worth roughly 200 ETH ($361,000) according to BAYC's official Twitter account. The perpetrators made off with 145 Ethereum and 32 NFTS, valued at a total of $250,000.

Approximately 32 NFTs were taken, according to blockchain cybersecurity firm PeckShield, including the Bored Ape Yacht Club, Otherdeed, Bored App Kennel Club, and Mutant Ape Yacht Club projects. 

As per the reports, it is unknown how the forum manager's account was hacked or whether two-factor authentication was turned on, which generally protects against such assaults.
Read more »
Passwords
Blockchain cryptocurrency Digital Assets Fake Sites malware NFT Passwords

Alert! Scam Pixelmon NFT Website Hosts Password-stealing Malware

 

A bogus Pixelmon NFT site tempts visitors with free tokens and collectables while infecting them with spyware that steals their cryptocurrency wallets. Pixelmon is a popular NFT project with plans to create an online metaverse game where users can gather, train, and battle other players with pixelmon pets. 

The project has attracted a lot of attention, with nearly 200,000 Twitter followers and over 25,000 Discord members. Threat actors have replicated the original pixelmon.club website and built a fake version at pixelmon[.]pw to deliver malware to take advantage of this interest. Instead of providing a demo of the project's game, the malicious site provides executables that install password-stealing malware on a device. 

The website is selling a package named Installer.zip that contains a faulty executable that does not infect customers with malware. However, MalwareHunterTeam, which was the first to identify this malicious site, detected other dangerous files transmitted by it, allowing to see what malware it was spreading. Setup.zip, which contains the setup.lnk file, is one of the files sent by this fraudulent site. Setup.lnk is a Windows shortcut that runs a PowerShell command to download pixelmon[.]pw's system32.hta file. 

When BleepingComputer tested these malicious payloads, the System32.hta file downloaded Vidar, a password-stealing malware that is no longer widely used. Security researcher Fumik0_, who has previously examined this malware family, confirmed this. When launched, the Vidar sample from the threat actor connects to a Telegram channel and retrieves the IP address of a malware's command and control server. The malware will then obtain a configuration instruction from the C2 and download further modules to steal data from the afflicted device. 

Vidar malware may steal passwords from browsers and apps, as well as scan a computer for files with certain names, which it subsequently sends to the threat actor. The C2 commands the malware to seek for and steal numerous files, including text files, cryptocurrency wallets, backups, codes, password files, and authentication files, as seen in the malware setup below. Because this is an NFT site, visitors are expected to have bitcoin wallets installed on their PCs. 

As a result, threat actors focus on looking for and stealing cryptocurrency-related files. While the site is presently not distributing a functioning payload, BleepingComputer has observed evidence that the threat actors have been modifying the site in recent days, as payloads that were available two days ago are no longer available. 

One can expect this campaign to continue to be active, and working threats to be added soon, based on the site's activity. Due to the high number of fraudsters attempting to steal the bitcoin from NFT projects, one should always double-check that the URL they are viewing is indeed associated with  their interested project.
Read more »
Open Sea
Crypto Cyber Attacks Digital Assets Discord Hackers NFT Open Sea

OpenSea Warns of Discord Channel Hack

 

The nonfungible token (NFT) marketplace OpenSea had a server breach on its primary Discord channel, with hackers posting phoney "Youtube partnership" announcements. A screenshot shared on Friday reveals a phishing site linked to fraudulent collaboration news. 

The marketplace's Discord server was hacked Friday morning, according to OpenSea Support's official Twitter account, which urged users not to click links in the channel. OpenSea has "partnered with YouTube to bring their community into the NFT Space," according to the hacker's original post on the announcements channel. 

It also stated that they will collaborate with OpenSea to create a mint pass that would allow holders to mint their project for free. The attacker appeared to have been able to stay on the server for a long time before OpenSea staff was able to recover control. The hacker uploaded follow-ups to the initial totally bogus statement, reiterating the phoney link and saying that 70% of the supply had already been coined, in an attempt to generate "fear of missing out" in the victims. 

The scammer also tried to persuade OpenSea users by claiming that anyone who claimed the NFTs would receive "insane utilities" from YouTube. They state that this offer is one-of-a-kind and that there would be no other rounds to engage in, which is typical of scammers. As of this writing, on-chain data indicates that 13 wallets have been infiltrated, with the most valued stolen NFT being a Founders' Pass worth about 3.33 ETH ($8,982.58). 

According to initial reports, the hacker used webhooks to get access to server controls. A webhook is a server plugin that lets other software get real-time data. Hackers are increasingly using webhooks as an attack vector since they allow them to send messages from official server accounts. The OpenSea Discord server isn't the only one that uses webhooks. 

In early April, a similar flaw enabled the hacker to utilise official server identities to post phishing links on several popular NFT collections' channels, including Bored Ape Yacht Club, Doodles, and KaijuKings.
Read more »
Technology
Apps Blockchain Crypto Discord NFT Technology

Bored Ape & Other Major NFT Project Discords Hacked by Fraudsters

 

The Discords of several prominent NFT projects were hacked last week as part of a phishing scheme to mislead members into handing up their digital jpegs. 

In tweets, the Bored Ape Yacht Club, Nyoki, and Shamanz all confirmed Discord hacks. The Discords of NFT projects Doodles and Kaiju Kingz were also attacked, according to screenshots released by independent blockchain investigator Zachxbt. Doodles and Kaiju Kingz both confirmed that they had been hacked on their Discords. 

“Oh no, our dogs are mutating,” read one of the phishing posts posted in the BAYC Discord by a compromised bot viewed by Motherboard.

“MAKC can be staked for our $APE token. Holders of MAYC + BAYC will be able to claim exclusive rewards just by simply minting and holding our mutant dogs.” 

The hack's purpose was to get users to click a link to "mint" a phoney NFT by submitting ETH and, in some cases, an NFT to wrap into a token. 

“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised,” the official BAYC Twitter account said early Friday morning. 

“We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.” 

"Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack," the Nyoki’s tweet said. 

On blockchain explorer Etherscan, two wallet addresses have been linked to the hacks and are now dubbed Fake Phishing5519 and Fake Phishing5520. The 5519 wallet, which sent 19.85 ETH to the 5520 wallets, stole at least one Mutant Ape Yacht Club NFT (a BAYC offshoot by developer Yuga Labs) and soon sold it. Early Friday morning, this second wallet delivered 61 ETH ($211,000) to the mixing service Tornado Cash. The wallet's most recent transaction is a transfer of.6 ETH to an inactive wallet, which subsequently sent the same amount to an extremely active wallet with 1,447 ETH ($5 million), 6 million Tether coins ($6 million), and a variety of other tokens. 

This is not the first or last attack on crypto assets on Discord, which, while being a gaming-focused network, serves as a crucial centre for the great majority of projects. Crypto projects already have to deal with hacks that take advantage of smart contract flaws, but the fact that so many of them are also on Discord subjects them to frauds that exploit the power of the platform itself. 

Several high-profile accounts have already fallen prey to schemes that hacked bots responsible for channel-wide announcements and pushed websites in order to steal ETH, NFTs, or wallets.
Read more »
User Security
Cyber Security Internet Scam NFT Scam User Security

NFT Collector Scammed into Buying Fake Banksy Bidding

 

A hacker compromised a site of famed street artist Banksy and sold an NFT (non-fungal token) of artist's art for more than $336,000. The hacker, however, returned all the stolen cash except a transaction fee. The incident, however, has sent a message to cybersecurity experts, and also a new threat is on the rise: NFTs. In this case, the hacker did an auction on the genuine Banksy website "banksy.co.uk", which is said to be the first Banksy NFT, as per BBC. If a collector buys an NFT, they don't get copyright or ownership over the image. 

An unknown collector(British) identified by BBC as 'prominent', also goes by the name "Pranksy" offered 90% more than the other bidder to https://threatpost.com/nft-collector-tricked-into-buying-fake-banksy/169179/ the Banksy NFT. According to ThreatPost, the Bolster research team also tracks emerging NFT scams and found the most popular cybercriminal tactics include setting up fake stores, the sale of fake art (Banksy is a popular lure), Airdrop scams offering free crypto and brand impersonation on social media. 

"The NFT market has surged recently, with more than $2.5 billion so far just this year. And as the market attracts money, it will draw in cybercriminals looking for a piece of the action. Consumers will have to increase their awareness around potential NFT fraud, experts predict," reports ThreatPost. When some background check was done on the hacker, he returned most of the money earlier this week, except $6,918 and transaction fees. Pranksy says that he never expected of a refund. The reason could be Pranksy tracked the hacker and followed him on Twitter, and the incident also received a lot of press coverage, which may have compelled the hacker to refund the stolen amount. He also said that others wouldn't have the same luck if they went through the same thing. 

The genuine Banksy and his team responded to the incident with a statement "the artist Banksy has not created any NFT artworks." Bolster's Young-Sae Song said that it would've been very tough for someone to notice the Banksy NFT Auction was a scam. Abhilash Garimella, Bolster researcher, had earlier predicted that "these scams will get more complex and sophisticated. Scammers will keep innovating to make sure users fall for these. Not just NFTs, when buying anything online, a buyer needs to be aware of where and to whom they are giving away their credit card or banking information."
Read more »
Subscribe to: Posts (Atom)