Scammers on NFT platforms continue to be a significant problem for NFT collectors and exchanges, as minor negligence or inattention from NFT collectors leads to the loss of millions of dollars worth of NFTs in a matter of seconds. Recently, scammers used a phishing attempt mimicking the Otherside NFT launch by Yuga Labs to steal at least $3.7 million worth of NFTs. Scammers use this new form of NFT scam known as ‘site mimicking’ to defraud early NFT collectors, as they did in the case of the Otherside NFT.
The NFT community on Twitter and Discord is currently facing a wave of NFT social media hacks, such as NFT Discord scams that use phishing attacks and unique scams like the Unicode Letters scam, to target NFT collectors and steal their NFTs. If you have not yet read our article about the Unicode letters scam, please read it, as it will help you thoroughly understand this new NFT scam, which we will refer to as the NFT site mimicking scam.
To briefly review, scammers use multiple techniques to create phishing websites and NFT platform replicas to mislead and trick NFT collectors. Among the many methods scammers use to create fake websites is the use of Unicode characters in the website URL, so that the link leads to a mimicking site that defrauds NFT collectors by stealing their valuable NFT assets.
The intense rush to mint new Non-fungible Tokens (NFTs) during the launch of potentially valuable collections such as the Otherside NFT or Moonbirds NFT collection allows scammers to take advantage of early NFT collectors' negligence and unsuspecting behavior.
This article will explain what the mimicking site scam is, how scammers use it to steal NFTs from collectors, and how you can protect your NFTs from such scammers.
What is the Site Mimicking Scam?
Site mimicking is a popular NFT scam in which scammers create fake copies of genuine NFT marketplaces and platforms to trick NFT collectors and investors and steal their NFTs or other crypto tokens. Such scammers may use Google or Twitter advertising to mislead users into visiting the phishing website. The only difference between the two sites is usually just one letter, so NFT collectors easily confuse the fake with the original NFT platform or marketplace. Unsurprisingly, the NFTs stolen through the site mimicking scam are always the sole responsibility of the NFT collectors, as the loss comes down to their negligence and lack of attention when visiting such sites.
Here is an example of an NFT site mimicking scam where scammers have advertised the platform on Google:
NFT Site Mimicking Scam (Source: On-chain Analyst OkHotshot)
Following the Twitter account hack of DeeKay on Friday, July 15, scammers tweeted phishing links from the NFT artist's Twitter account, which redirected users to a similar site mimicking scam.
Sadly, many of DeeKay's followers believed the tweet and fell prey to the scam site mimicking DeeKay's official NFT website. While attempting to claim NFTs on the mimicking site, the victims authorized a transaction that enabled the scammer to access the NFT collectors’ crypto wallets. The scammer ultimately stole $150,000 in NFTs from the victims.
Tweet from DeeKay following the hack and site mimicking scam
So how does the Site Mimicking Scam Work?
The NFT security analyst and enthusiast Serpent tweeted about a site mimicking scam on May 10, 2022. According to him, the scammer was able to steal roughly 100 ETH by ranking at the top of Google's search results for the NFT trading platform X2Y2. This shows how far site mimicking scammers go: they even use Google ads to advertise and rank their phishing websites.
Tweet from Serpent about a site mimicking scam
So how does the NFT site mimicking scam work?
The first step scammers take in the NFT site mimicking scam is to create a completely identical website for the targeted NFT platform, project, or marketplace. For instance, take the example of an OpenSea site mimicking scam, as you may see below:
Source: Developer and NFT Enthusiast Steven Tey
The scammers in this case used Unicode characters in the website URL, as we discussed earlier; according to Steven Tey, a friend of his lost $70K to scammers in the OpenSea site mimicking scam.
Using the mimicking site, the NFT scammers trick NFT collectors into believing in the website's authenticity. The scammers then use Google ads or other social media advertising to market the NFT phishing website and mislead NFT collectors into visiting the platform, either because of its top ranking in search results or because of the NFT collector's lack of attention. Here is another example of such a site mimicking scam, from the famous NFT creator Gary Vaynerchuk:
Source: Gary Vaynerchuk
Once such scammers succeed in generating leads or redirecting users to their fake websites, they wait for the NFT collectors to connect their NFT or crypto wallets. The NFT collectors or investors who fall prey to site mimicking scams connect their NFT or crypto wallets and approve the scam transactions, and they lose all their NFT assets as the malicious smart contract wipes the victims’ wallets.
The Takeaway – How to Avoid NFT Site Mimicking Scams
As more individuals adopt NFTs, scammers refine their techniques to trick more victims. Scammers are constantly creating mimicking sites that they engineer to look exactly like an authentic site you may be familiar with, such as OpenSea, down to the last detail (except the URL, of course).
Verifying the correctness of a website's URL before clicking on it or proceeding is one of the essential security measures you can take, and it may help protect you against online scams.
ApeCoin’s Tweet Against the Site Mimicking Scam
As always, do your due diligence before you visit any NFT platform or connect your crypto NFT wallet. The best strategy to avoid NFT site mimicking scams is to either bookmark the websites of the NFT platforms that you regularly visit or reach their websites through their verified social media platforms. Secondly, never share your wallet seed phrase with anyone, including officials from NFT platforms. Similarly, confirm the authenticity of any website through multiple sources before connecting your NFT wallet or approving an NFT transaction.
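The URL check described above can be automated. The following is an added example, not code from this article or from any NFT platform: it compares a link's hostname against a list of sites you have bookmarked, and flags hosts that are one character away from a trusted name or that contain Unicode letters (including punycode-encoded ones). The TRUSTED list, the function names, and the sample URLs are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the sites you have bookmarked and verified yourself.
TRUSTED = {"opensea.io", "x2y2.io"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def display_host(url):
    """Hostname as Unicode text: lower-cased, 'www.' dropped, punycode decoded."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # undecodable label: keep the raw form
        labels.append(label)
    host = ".".join(labels)
    return host[4:] if host.startswith("www.") else host

def check_url(url):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    host = display_host(url)
    if host.isascii() and any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted", host
    odd = [unicodedata.name(c, hex(ord(c))) for c in host if not c.isascii()]
    for t in sorted(TRUSTED):
        if edit_distance(host, t) <= 1:
            why = f"one character away from {t}"
            return "lookalike", why + (f" ({', '.join(odd)})" if odd else "")
    if odd:
        return "lookalike", "non-ASCII characters in host: " + ", ".join(odd)
    return "unknown", "not on the trusted list"

if __name__ == "__main__":
    # Constructed sample URLs; \u0435 is CYRILLIC SMALL LETTER IE, not Latin "e".
    for u in ("https://opensea.io/assets", "https://opens\u0435a.io/claim",
              "https://0pensea.io/mint", "https://opensea.io.claim.example/"):
        print(u.encode("unicode_escape").decode(), check_url(u))
```

An "unknown" verdict is not a clean bill of health: it only means the host is neither on your list nor a near match, so the advice above about checking through multiple sources still applies.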