Rare Bears NFT phishing attack
Last month, some users of the leading NFT marketplace OpenSea fell victim to a phishing attack that claimed around $1.7 million worth of digital collectibles. Malicious actors have now moved over to the recently-launched Rare Bears NFT project, with users losing NFTs and other cryptocurrency assets worth around $790,000 in a phishing attack.
The Rare Bears team revealed that the hacker took advantage of the weakened security in its Discord group to spread a phishing link.
The NFT collection, which consists of 2,400 cartoon-themed bears on Ethereum, was created by New Zealand-based digital “Enox” and only went public last week.
A Hong Kong NFT project, the Monkey Kingdom, loses $1.3 million in a phishing attack
Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace
A screenshot posted by a user on Twitter showed what seemed to be a bogus message from an imposter disguised as a Discord administrator named Zhodan.
The message from the hacker, which had a link to a scam website, implied that there was a new NFT minting. This message enticed members with info of an additional 1,000 NFTs being added to the collection at a mint price of 0.1 ETH ($280).
According to security firm PeckShield, the bogus website anchored a malicious smart contract that gave them control over unsuspecting victims’ wallets after any form of interaction. Through this avenue, the hacker made away with 179 NFTs along with other assets belonging to everyone involved in the mint.
Subsequently, the hacker started transferring the loot to their Ethereum address at about 7:34 PM UTC on Wednesday, where the NFTs were sold one at a time at about 286 ETH (approximately $790,000).
A majority of the sum (213 ETH) was dispersed through mixing service Tornado Cash while the remaining 72.3 ETH was sent across three wallets, probably under the hacker’s control.
Rare Bears NFT phishing attack