An unfortunate user has lost hundreds of thousands of dollars' worth of irreplaceable non-fungible tokens (NFTs) to a sophisticated phishing scam on the Blur marketplace.
The incident, reported by 0xQuit on Twitter, involved the loss of 40 Bored Ape Yacht Club NFTs, 1 Beanz, and 3 Elementals, all listed at a price of X wei, the smallest unit of ETH on the Ethereum blockchain. Based on the lowest price of each asset, the total amount stolen is approximately $239,676.
The scam was carried out by an unidentified criminal who exploited a flaw in Blur’s whitelist system for private sales.
According to 0xQuit, a Solidity developer and auditor, the scammer manipulated NFT settings to bypass the default strategies in Blur, which does not support private lists.
Typically, when a scammer lures someone into listing an NFT at an almost free price, automated bots outbid the scammer by paying a higher fee, leaving the scammer with nothing. To counter this, the criminal invited people to list NFTs at a high price, with all proceeds flowing into the scammer's address. They achieved this by implementing a rule that renders any transaction invalid unless the scammer is the buyer, effectively privatizing the sale.
0xQuit pointed out that the scam involved deceiving victims into signing orders on phishing websites, often through false X account promotions or airdrop verifications.
In some cases, authorities have traced the individuals responsible for large-scale fraud. For example, last month, three British nationals were charged with orchestrating a $30,000 fraud related to the 2021 "Evolved Apes" NFT collection.