The month before, Jeff Nicholas popped into the Discord channel of OpenSea, the most popular NFT marketplace, seeking help with a problem related to royalties. Within minutes, a person using the alias “Pascal | OpenSea” responded by inviting him to join another Discord known as “OpenSea Support Server.” There he was greeted by “Nate | OpenSea,” given a queue number, and began discussing the resolution process with the two agents. Pascal refers to the company’s customer service leader, and Nate could be Nate Chastain, who was the chief of product at the time.
There was neither a Nate nor a Pascal, and Nicholas was not on an online customer support service. He had been targeted by a pack of fraudsters pretending to be OpenSea employees, and they went to work. In a bid to keep Nicholas in a state of customer support hell, they would call his phone repeatedly, telling him the time was drawing near. By online customer service standards, this was normal and even good, considering how personalized it was: individualized messages, a special Discord invitation, and several team members doing their best to work as quickly as they possibly could.
If anything seemed off in the conversations, it was the fact that “Nate” kept calling him “my guy.” But with family obligations and service fatigue, Nicholas overlooked the faux pas. After hours of banter, the two of them casually suggested that he share his computer screen with them. To Nicholas, this was the next step in troubleshooting the issue. The scammers’ eyes started to shine.
The value of NFTs has risen and so has the chance of fraud
Within the next hour, the scammers took NFT pets, apes and even dogs out of Nicholas’s wallet. Since Nicholas had shared his computer screen, the scammers were able to take a photo of the QR code that was synced with his private key, also known as a “seed phrase,” quietly gaining full access to his wealth. To keep Nicholas from realizing he was being scammed, the fraudsters gently assured him that royalty payments would be coming as they hurriedly transferred the NFTs away. By the time his suspicions were finally aroused, it was far too late. The total loss was around 150 ETH, which is roughly $480,000. The moment he learned of the scam, he posted one phrase: “Fuck.”
As the valuations of NFTs have risen all over the world, with certain projects classified as “blue chip” because of their high or stabilizing valuations, so has the risk from fraudsters. In the NFT market, the term “scam” covers many bases. It can refer to a business whose team makes millions from fake promises to customers and consumers, also referred to as a “rug pull”; fake Twitter NFT giveaways that harvest followers and retweets to create an appearance of authority; or fraudulent links and impostors that lead users to unknowingly give up their private keys.
It’s almost odd that users of a platform, who are typically proficient in traditional cybersecurity, can fall prey to scams in such a short time. However, within the NFT space, where social interaction, vibes, and a quick response to good deals prevail, it’s the scams with a social bent that stand out the most. Scammers depend on winning the victim’s trust, taking advantage of the same impulses that make the NFT market more of a tightly knit group of friends than a group of individual traders. In this context, Nicholas calls these scams an act of “social engineering”: conditioning people to believe that they’re dealing with a trusted friend or community member so that they relax their security.
“It takes focus to be like, ‘I am my own bank, and I am the custodian of my own money.'”
The scam used on Nicholas is, in all likelihood, the most sinister kind. If a fraudster has control over an individual’s keys, they can transfer any cryptocurrency into another wallet. Every transaction is irreversible by design. If an individual immediately recognizes that their account has been compromised, there is a furious race to move the biggest assets to an uncompromised wallet. In Nicholas’s case, even though he had secured his account with another layer of security, a device that requires the user to authorize transactions, he’d been tricked into thinking he was authorizing royalty payments while his NFTs quickly disappeared.
Because a platform like Ethereum is decentralized and provides anonymity, it’s difficult to identify fraudsters who use anonymous wallets, and victims have very few options for recourse. “It takes focus to be like, ‘I am my own bank, and I am the custodian of my own money,'” Nicholas stated. “I cannot just go through it the same way as when I visit the bank and am distracted on my mobile. You must be 100 percent present. It’s very difficult to miss certain signs.”
However, blockchain transactions are transparent: each transaction can be traced, regardless of whether the recipient is identifiable. In the past, cybersleuths from the community discovered that an OpenSea employee was trading NFTs on insider information, through suspicious transactions linked to the employee’s publicly identified account. In Nicholas’s case, the scammers’ wallets and the stolen assets remained open to scrutiny, but it was not possible to determine the identity of the new owner.
The NFT community has started to create a scam-response plan of action
That meant that, even though the scammers did not reveal their identities, OpenSea could still identify the fraudsters’ wallet addresses. After being alerted, it had to “lock” the stolen NFTs, which prevented them from being bought or sold. However, by the time it was able to lock Nicholas’s assets, the fraudsters were already selling them to the highest bidders, none of whom were aware that they were taking part in a trade of stolen items.
This left Nicholas in a dilemma. Despite the devastating blow of forfeiting six figures’ worth of assets, including the Bored Ape he used for his Twitter handle and account, he was required to, as he puts it, “make buyers whole,” as they had collectively paid many thousands for NFTs that could then not be sold.
The NFT community is beginning to devise a strategy for handling the consequences of scams, which includes raising money to buy back stolen or flipped items. This usually involves community fundraising, in which generous members give away extra Ethereum or in-demand NFTs, and artists often contribute NFTs they’ve made themselves. In many cases, victims receive no-interest cryptocurrency loans that they can invest or use to begin their own creative projects to recover from their losses. Rescue bots with names such as “Cool Cats Rescue” and “dogemaster42069” patrol the marketplace, making low-ball offers to scammers who are desperate for liquidity so that the NFTs are returned to their owners at a fairer price or even at no cost.
“My stolen items ended up in innocent buyers’ wallets and are now locked.”
Nicholas was connected to Sohrob Farudi, an NFT collector who had lost, he believed, 250 ETH, or $800,000, to scammers who fooled him into believing they were the Bored Ape Yacht Club founders. Together, they created a community fund to buy back the NFTs that were kept frozen. By collecting NFTs from the public, they were able to sell the donations for around 10% of the value of the stolen assets, an impressive 32 ETH. The rest came from their own pockets.
“I was devastated because the incident that I experienced has a ripple effect on all of these people. It’s not fair that my stolen items ended up in innocent purchasers’ wallets, which are now locked up,” Farudi said.
Although the fund has reunited Nicholas and Farudi with their most prized possessions, it hasn’t always been straightforward. Soon after the scammers sold their Bored Ape Yacht Club NFTs, the value of the asset skyrocketed on the occasion of a Sotheby’s auction announcement and an expansion of the Bored Ape ecosystem known as “Mutants.” While most buyers returned the NFTs at cost, a few ape buyers weren’t willing to exchange their now far pricier NFTs for the amount they had paid. After a lengthy negotiation, Nicholas and Farudi were able to reach a settlement with the majority of buyers. There is one ape that remains. “We may have to just let it go,” Nicholas told me.
OpenSea is now introducing an SOS button
Contrary to the notion of cryptocurrency as a space susceptible to complex hacks, like the case of an anonymous hacker who stole more than $600 million worth of bitcoin (and later returned the entire amount), the scams perpetrated against Nicholas and Farudi were distinctly low-tech. There was no malicious code, just counterfeit Discord accounts and fake names.
In response to the two major scams, OpenSea has apologized to Nicholas and Farudi. It also added an SOS button that allows users to secure their account if they believe it has been compromised. MetaMask, the wallet platform Nicholas used to store his keys, has temporarily removed the QR code that grants access to users’ keys, as scammers have abused the vulnerability through victims’ screen sharing on several occasions. Although Discord offers security measures to stop fraud, including unique four-digit number tags that sit on top of a non-unique username system, some users are of the opinion that this feature still leaves room for misuse.
For Nicholas and Farudi, their lives were disrupted within a matter of hours. Nicholas described the experience as PTSD, and Farudi says the psychological trauma has left him fearful every time he uses his MetaMask. If anything has led them back to the community, it was the social connections that attracted them to it in the first place. “It’s an account that is centered around the community. This terrible thing happened, but the people of that community came together around,” Nicholas told The Verge. “There are a lot of people who have tried to reach out to me and stated, ‘Look, that’s what has happened to me. And I’ve felt embarrassed and haven’t done anything. I haven’t done anything about it, because I’m smarter than that.'”
“If this is what it took to close a vulnerability, and now other people won’t suffer the same fate,” Farudi said, “I feel good that we went out and did what we did.”