All investment/financial opinions expressed by NFTevening.com are not recommendations.
This article is educational material.
As always, do your own research prior to making any kind of investment.
This year has been no kinder to Bored Ape owners, and the latest BAYC scam is yet another shocker for the industry. 14 Ape NFTs have fallen victim to a “gasless transaction” scam, including one NFT that has already been sold off. The total value of the NFTs is over $1 million. Read on to learn more about this type of scam and how to prevent it.
On December 17th, industry builder @CirrusNFT exposed a scam worth over 1200 ETH on Twitter. NFT collector @_sevenseason_ saw all 14 of his prized Bored Ape Yacht Club NFTs instantly stolen. The total value of this Bored Ape scam is north of $1 million. The NFT trader thought they were signing a gasless transaction for a licensing deal with web3 social IP platform The Unemployed. An unknown figure named “Jason Brubeck” approached @_sevenseason_ asking him to accept the license contract. This scam was the result of a combination of two things: a few loopholes in OpenSea contracts and a well-played social engineering scam. Let’s learn more about this “gasless transaction” scam on OpenSea.
This type of scam first appeared in February 2022, claiming a lot of high-profile targets and assets. It starts with a phishing link that gets users to connect their wallets to a “trustworthy” website. This is also the trickiest part of the scam, with heavy amounts of social engineering creating the illusion of trust. The second part of the scam is to get the user to sign a gasless transaction in their wallet. Most users make the mistake of thinking that no gas equals no transfers, but that is a wrong assumption.
In a Twitter thread on gasless scams, Chimpers dev @cap10bad.ETH explains that this step actually allows users to transfer NFTs to the scammers’ wallets for 0 ETH! In the thread, he also claims that though Metamask has improved the readability of contracts, it still lags behind. He further states: “To avoid this scam: if the message is from Seaport and includes “OFFERER: YOUR WALLET”, this means you are creating a listing (of your NFT).” The full thread has more detail on this type of scam.
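The check described above can be automated before a signature is approved. The following is an added example, not code from the article, OpenSea or any wallet: `reviewSignRequest` is a hypothetical helper, the field names (`offerer`, `offer`, `consideration`, `itemType`, `recipient`) are assumed from Seaport's public EIP-712 `OrderComponents` schema, and the sample payload is constructed with placeholder addresses.

```javascript
// Seaport ItemType enum: 0 = native ETH, 1 = ERC20, 2-5 = ERC721/ERC1155 (incl. criteria-based).
const isNft = (item) => Number(item.itemType) >= 2;
const sameAddr = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();
// Review an eth_signTypedData_v4 payload before the wallet owner signs it.
function reviewSignRequest(typedData, myWallet) {
  const { domain = {}, primaryType, message = {} } = typedData;
  if (domain.name !== "Seaport" || primaryType !== "OrderComponents") {
    return { risk: "unknown", nftsListed: 0, paidToMeWei: 0n, warnings: [] };
  }
  const iAmOfferer = sameAddr(message.offerer, myWallet);
  const nftsListed = iAmOfferer ? (message.offer || []).filter(isNft).length : 0;
  // Lowest currency amount the order can pay back to the signer (amounts may decay over time).
  const paidToMeWei = (message.consideration || [])
    .filter((c) => !isNft(c) && sameAddr(c.recipient, myWallet))
    .reduce((sum, c) => {
      const start = BigInt(c.startAmount), end = BigInt(c.endAmount);
      return sum + (start < end ? start : end);
    }, 0n);
  const warnings = [];
  let risk = "low";
  if (nftsListed > 0) {
    risk = "review";
    warnings.push(`OFFERER is your wallet: signing lists ${nftsListed} of your NFT(s) for sale`);
    if (paidToMeWei === 0n) {
      risk = "high";
      warnings.push("the order pays your wallet 0: whoever fulfils it receives the NFTs without paying you");
    }
  }
  return { risk, nftsListed, paidToMeWei, warnings };
}

// Constructed sample payload (addresses and token ids are placeholders, not real data).
const MY_WALLET = "0x1111111111111111111111111111111111111111";
const NFT_CONTRACT = "0x2222222222222222222222222222222222222222";
const OTHER = "0x3333333333333333333333333333333333333333";
const sampleRequest = {
  domain: { name: "Seaport", chainId: 1 },
  primaryType: "OrderComponents",
  message: {
    offerer: MY_WALLET,
    offer: [
      { itemType: 2, token: NFT_CONTRACT, identifierOrCriteria: "101", startAmount: "1", endAmount: "1" },
      { itemType: 2, token: NFT_CONTRACT, identifierOrCriteria: "102", startAmount: "1", endAmount: "1" },
    ],
    consideration: [{ itemType: 0, token: "0x0000000000000000000000000000000000000000", identifierOrCriteria: "0", startAmount: "1", endAmount: "1", recipient: OTHER }],
  },
};
console.log(reviewSignRequest(sampleRequest, MY_WALLET).warnings.join("\n"));
```

A `review` result still means a listing is being created; the signer should compare the amount paid to their wallet against what they expect to receive.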
Moreover, OpenSea has taken no steps to close this loophole, even as thieves and scammers keep innovating to find new ways to exploit people. On the other hand, the Blur marketplace offers insurance by putting limits on how quickly recently transferred items can accept offers. Furthermore, the wallet page that stole the NFTs, “0x9335dA37d37BC5D46850EaEe48F8B9CCbE94D9a2”, is now lost.
As the situation currently stands, NFT Twitter is sending love and support to @_sevenseasons_. Furthermore, users are also trying to find ways to recover the lost BAYC digital collectibles.