Asian King Jay Chou's NFT Stolen, How to Identify NFT Fraud
On April 1, 2022, Jay Chou posted on Instagram that the BAYC#3738 NFT he held had been stolen. It is understood that the NFT was presented to him by MachiBigBrother in January this year. According to information from OpenSea and Etherscan, the NFT was transferred out of Jay Chou's address and quickly changed hands on LooksRare at prices of 130 ETH and 155 ETH. It is worth noting that, at this stage, no complete regulatory policy or relevant legal norms have formed around NFTs. With the popularity of NFTs remaining high, how holders can identify fraudulent methods has become a problem that cannot be ignored.
1. Links to fraudulent websites via Discord private messages
Links in Discord private messages are a common means of deception. Hackers often send private messages to members of different Discord communities, or pose as community administrators who privately message users offering to help solve a problem, in order to defraud them of their wallet private keys. Others send fake phishing websites, telling users that they can claim NFTs for free, and so on. Once a user grants authorization to a fake website forged by hackers, the result is huge losses for the user.
2. Attack the Discord server
Having its Discord server hacked is something almost every popular NFT project will experience. The hacker attacks the server administrator's account and then publishes fake announcements in the server's channels, tricking community members into going to a fake website, built by the hacker long in advance, for fake NFTs. Today's hackers steal the server administrator's token by sending fraudulent websites and similar lures, so even if the administrator has turned on two-factor authentication (2FA), it will not help. If the hacker's fraudulent website also requires authorization of the user's wallet, it will bring more serious property losses to the user.
3. Send fake transaction links
This type of scam is often seen in NFT transactions where the scammer negotiates privately with the user. Trading platforms such as Sudoswap and NFTtrader encourage users to "exchange" each other's NFTs or tokens through private negotiation, and these platforms also provide security for privately negotiated transactions, which is a good thing for the NFT market. But some hackers have now started to defraud users through fake Sudoswap and NFTtrader websites.
Sudoswap and NFTtrader require users to initiate a transaction once the negotiation is complete. This step generates an order confirmation page. After both parties confirm, the transaction is carried out automatically through smart contracts. The scammer will at first pretend to discuss which NFTs to exchange with you and show you a real website link, and then propose to modify the transaction. Once the trader has relaxed his vigilance, the scammer sends a scam link; when the user clicks to confirm the transaction, the corresponding NFT in the wallet is sent to the scammer's wallet.
4. Defrauding mnemonics
Fraudsters induce users to send them their private keys or mnemonics through various means, such as setting up a fraudulent website or pretending to be an administrator helping users.
5. Create fake Collections and seek deals on the project's public Discord channel
Fake NFT collections are most easily encountered just before popular projects go on sale. Ahead of the official launch of the NFT blind box, scammers upload NFT collections with similar names to NFT trading platforms such as OpenSea, and "decorate" the collection attractively using the official information released in advance. If the real NFT collection is not yet online, users who search will first find the collection with the closest name. To convince users, some scammers also make several transactions or send offer bids on the fake NFTs currently listed.
To save on platform and project royalties, community members conduct private transactions. In addition to the imitation Sudoswap and NFTtrader websites mentioned above, there are also scammers who post links in community channels to fake NFT collections priced slightly below the floor price. Eager to buy NFTs below the floor price, users often overlook the authenticity of the NFTs and are deceived.
6. Fake emails
Most NFT platforms require users to bind an email address so that they learn the transaction status of their NFTs right away. Email has therefore also become a gathering place for fraud. Fraudsters usually pose as the official OpenSea account and send users phishing links on the pretext that the contract address needs to be modified or the wallet needs to be re-authenticated. Recently, after OpenSea announced a contract upgrade, hackers defrauded users of nearly $4 million in property in this way. As of the writing date, the OpenSea team is still investigating compromised users.
Fraud Prevention Guide
1. URL screening
No matter what gimmicky packaging the hacker uses or how confusing the language is, in the end he always needs a way to interact with your wallet in order to steal your crypto assets. Ordinary users may not be able to judge contract risk, but fortunately we still live in an Internet world dominated by Web2. Almost all crypto contracts need a Web2 front-end web page to interact with the user.
As a result, the vast majority of crypto-asset theft from users (rather than from project parties) happens on fake phishing sites. Once you know how to spot a phishing site, that will be enough to help you avoid 99% of crypto theft.
Generation Z, who grew up with smartphones, live in an "ecology" created by one app after another and may never have learned much about the old-fashioned web page. In the Web2 era, the DNS domain name system gives each website a unique identity across the entire network. Understanding the basic rules of how a domain name is composed is enough to deal with almost all fake phishing websites.
In a traditional DNS domain name, the hierarchy is divided into three levels. Read from right to left, starting at the first delimiter (/), with each period separating one level from the next. Taking https://www.opensea.io/ as an example, ".io", like ".com" or ".cn", is called a top-level domain, and this field cannot be customized. "opensea" is the second-level domain, that is, the main body of the domain name; it cannot be duplicated under the same top-level domain (for example, under the same .io). The "www" part is the third-level domain, which website operators can set themselves. Operators can even go on adding fourth-level and fifth-level domains in front of "www".
The hierarchical order of domain names is counter-intuitive: from right to left, the level gradually decreases. This design is the exact opposite of most people's reading habits, which gives attackers an opening. For example, https://www.opensea.io.example.com looks very much like the OpenSea address, but its actual domain name is "example.com", not "opensea.io".
Whether phishing attacks will persist in Web3 is hard to predict. But in the world of Web2, the DNS domain name system ensures the uniqueness of domain names (or URLs), and it is almost impossible for users to open a fake website if the domain name is the real one.
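Added example (not from the original article): the right-to-left reading described above, written as a small JavaScript check that extracts a link's actual domain and compares it with the sites you trust. The allowlist and the short list of two-label suffixes such as "co.uk" are assumptions made for illustration; a real tool would use the full Public Suffix List.

```javascript
// Added example: find the registrable domain of a link by reading the host
// name right to left, then compare it with the sites you actually trust.
// ASSUMPTIONS (constructed for illustration): OFFICIAL is a sample allowlist,
// and MULTI_LABEL_SUFFIXES is a tiny stand-in for the Public Suffix List.
const OFFICIAL = new Set(["opensea.io"]);
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.cn", "com.au"]);

function registrableDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no domain hierarchy to read.
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) return null;
  const labels = host.split(".");
  // Suffixes such as "co.uk" span two labels, so the main body is the third.
  const take = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  if (labels.length < take || labels.includes("")) return null;
  return labels.slice(-take).join(".");
}

function classifyLink(link, official = OFFICIAL) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { verdict: "invalid", domain: null };
  }
  const domain = registrableDomain(url.hostname);
  if (domain !== null && official.has(domain)) return { verdict: "official", domain };
  // A trusted name appearing anywhere else (subdomain labels, path) is a lure.
  const text = url.href.toLowerCase();
  const lure = [...official].some((d) => text.includes(d.split(".")[0]));
  return { verdict: lure ? "lookalike" : "unknown", domain };
}

// Constructed sample links; example.com stands in for an attacker's domain.
const SAMPLES = [
  "https://www.opensea.io/",
  "https://www.opensea.io.example.com/",
  "https://opensea.io.example.co.uk/claim",
  "https://example.com/opensea.io/login",
  "https://example.com/",
];
for (const s of SAMPLES) {
  const { verdict, domain } = classifyLink(s);
  console.log(`${verdict.padEnd(9)} ${String(domain).padEnd(14)} ${s}`);
}
```

Only the first sample is classified as official; the next three carry the trusted name in a subdomain or path while the domain actually being visited is example.com or example.co.uk.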
2. Do not reveal the private key or mnemonic
Crypto wallets are not like Web2 email accounts: private keys and mnemonics cannot be changed or retrieved. Once one is leaked, the wallet belongs to both you and the hacker, and all assets in it can be transferred by the hacker at any time. Because Ethereum addresses are anonymous, you cannot find out who the hacker is, the loss cannot be recovered, and the wallet can no longer be used.
3. Cancel wallet authorization in time
If you have authorized your wallet on a fraudulent website, promptly go to the following three addresses to check the wallet's authorizations and cancel them: