Common NFT Scams: Social Media Hacks

The NFT community constantly faces new cyber threats and scamming attacks from malicious developers seeking to get their hands on valuable NFT assets. In recent months, there has been a rapid increase in the number of new NFT scams that hackers use to exploit the security vulnerabilities of NFT wallets. Such scammers prey on those seeking to purchase or sell NFTs through various methods, including taking advantage of vulnerabilities in NFT wallet token approvals or security flaws on NFT platforms.   

Fortunately, the NFT community is a beautiful space wherein collectors and NFT advocates have consistently raised awareness about social media hack scams. For instance, if you are unaware of the NFT wallet token approvals scam and want to secure your NFT assets, you can follow our guide on How to Remove Token Approvals and Permissions Safely.

The NFT communities on Twitter and Discord contribute significantly to the NFT ecosystem since they facilitate global NFT adoption and mainstreaming. Potential NFT collectors and investors follow various enthusiasts, web3 security analysts, and the official social media accounts of NFT platforms to stay on top of the most recent developments in the NFT ecosystem. Following the social media accounts of NFT creators and artists also enables investors to take advantage of NFT airdrops and giveaways. 

Realizing the importance of social media in the adoption of NFTs, hackers are now targeting the social media accounts of NFT projects, creators, and influencers to share scam links and mislead novice NFT collectors.

In this article, we'll examine the most recent NFT scam that has led to the theft of valuable NFT assets from a bunch of novice NFT investors. We will also learn why such scams arise and how they work.

What are NFT Social Media Hacks? 

Social media hacks are the most recent type of NFT scam, in which malicious hackers breach the social media accounts of popular NFT influencers, artists, or platforms and disseminate phishing links to mislead followers and loot their NFT wallets. In the year up to July, analysis suggests that hackers stole more than $100m (£85m) worth of non-fungible tokens through social media hacks and similar scams, making off with an average of $300,000 per scheme.

Following other common NFT scams such as phishing, blind contract signing, and honeypot accounts, hacked social media accounts are the latest scam on the rise in the 2022 NFT ecosystem. NFT social media hacking has become so common that hardly a day or two passes without an influential project's or creator's account getting hacked.

A hack like this could have severe ramifications for NFT collectors. For example, users who fell for the scam via compromised social media accounts may lose millions of dollars worth of NFT collectibles and other tokens. 

How Does the Hacked Social Media NFT Account Scam Work?

The scammers behind hacked social media NFT accounts impersonate popular NFT projects, creators, or influencers by gaining access to their accounts and posting links to NFT scams. For example, here is a tweet from the account of the renowned digital artist Beeple, posted when hackers breached Beeple’s Twitter account.

Beeple’s Hacked Twitter Account Tweet (Source: harry.eth)

When users click on such links, connect a wallet, and approve the prompted transaction, they expose themselves to an NFT scam that steals their NFTs and other crypto tokens by transferring them to the scammer's NFT wallet. A malicious smart contract on the scam website facilitates the NFT transaction and transfer.
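How a wallet-side check could show what such a prompted transaction actually grants, as an added example that is not part of the original article: it decodes the calldata and flags approval calls. The name `review_calldata`, the risk labels and the sample operator address are assumptions made for illustration; the two selectors are those of the standard `setApprovalForAll(address,bool)` and `approve(address,uint256)` functions.

```python
# Added example (not from the article): review calldata a site asks a wallet to sign.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address operator, bool approved)
APPROVE = "095ea7b3"  # approve(address, uint256): ERC-20 allowance or one ERC-721 token
ZERO = "0x" + "00" * 20


def _arg(raw: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word that follows the 4-byte selector."""
    word = raw[4 + 32 * index: 36 + 32 * index]
    if len(word) != 32:
        raise ValueError("calldata shorter than the function signature requires")
    return word


def review_calldata(calldata_hex: str, trusted=frozenset()) -> dict:
    """Classify a pending transaction's calldata as high / review / low risk."""
    text = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(text)
    selector = raw[:4].hex()
    if selector not in (SET_APPROVAL_FOR_ALL, APPROVE):
        # Not an approval this example decodes: leave it for manual review.
        return {"call": None, "grantee": None, "risk": "review"}
    grantee = "0x" + _arg(raw, 0)[12:].hex()  # an address is the low 20 bytes
    amount = int.from_bytes(_arg(raw, 1), "big")
    if selector == SET_APPROVAL_FOR_ALL:
        call = "setApprovalForAll"
        granting = amount != 0  # true: operator may move every token in the collection
    else:
        call = "approve"
        # approve(0x0, id) clears an ERC-721 approval. An ERC-20 approve(spender, 0)
        # looks like approving ERC-721 token 0, so it is treated as a grant.
        granting = grantee != ZERO
    if not granting:
        risk = "low"  # revocation
    elif grantee in trusted:
        risk = "review"  # known operator, still worth confirming
    else:
        risk = "high"  # an unknown party gains transfer rights
    return {"call": call, "grantee": grantee, "risk": risk}


# Constructed samples: a blanket approval to a made-up operator, then its revocation.
OPERATOR = "0x" + "ab" * 20
SAMPLE_GRANT = "0xa22cb465" + "00" * 12 + "ab" * 20 + "00" * 31 + "01"
SAMPLE_REVOKE = "0xa22cb465" + "00" * 12 + "ab" * 20 + "00" * 32

if __name__ == "__main__":
    for sample in (SAMPLE_GRANT, SAMPLE_REVOKE):
        print(review_calldata(sample))
```

Addresses in `trusted` must be lowercase hex with the `0x` prefix to match the decoded grantee.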

The most recent case of a hacked social media account scam is Nouns, an Ethereum NFT project, which had its Twitter account hacked on June 27. In total, attackers stole about 42 ETH ($64,000) worth of NFTs from 25 users who followed the shared scam link. This is only one recent case of a similar attack.

NounsDAO’s Tweet after their Social Media Account was Hacked (Source: ZachXBT)

Another notable social media hack of a big NFT project to date is that of the Bored Ape Yacht Club, which had its Instagram account infiltrated with a bogus mint link in April. Yuga Labs stated it was trying to reach impacted consumers and estimated the worth of stolen NFTs at about $2.8 million.

Notable Social Media NFT Account Hacks and Scams: 

Although there have been several NFT scams because of the hacked social media accounts of famous NFT Projects, creators, enthusiasts, and influencers, the following are the most notable examples:  

Mike “Beeple” Winkelmann:

According to MetaMask security expert Harry Denley, $438,000 worth of tokens and NFTs were stolen from customers in late May after hackers compromised the social media account of renowned artist Mike "Beeple" Winkelmann. There was no indication of user compensation from Beeple.

Zeneca.eth from ZenAcademy:

In July 2022, hackers compromised the Twitter account of pseudonymous NFT collector and investor Zeneca; the extent of the harm to users is as yet unknown. Following the hack, hackers shared a link to a "stealth mint" on the NFT collector's Twitter account. The link redirected victims of the scam to a phishing website, which mimicked ZenAcademy. Zeneca shared details of the post-hack analysis on his Twitter.

Zeneca from ZenAcademy’s Hacked Social Media Account Scam (Source: ZachXBT)

Jenkins the Valet:

In June, hackers compromised the Twitter account of Jenkins the Valet, a Tally Labs NFT project based on a Bored Ape Yacht Club NFT. The developers claimed that consumers had lost Bored Apes, Mutant Apes, and other valuable NFTs due to the vulnerability and said they would reimburse users based on the floor price (or least priced NFT) for each project.

Jenkins The Valet Hacked Social Media Account Scam (Source: ZachXBT)

The Takeaway – “Social Media Hacks” a Threat to NFT Community 

As per a tweet from Bored Ape Yacht Club developer Yuga Labs on Monday, the latest wave of social media hacking is only the beginning of a more significant attack on the NFT community. In addition to Beeple, Zeneca, Nouns DAO, and Jenkins the Valet, the following Twitter accounts were also successfully targeted by hackers to scam NFT users: Keyboard Monkey, FranklinIsBored, British Army, Duppies, DegenTown, and DeekayMotion.

While improvements to the software and user interfaces may help mitigate the effects of scams and better equip NFT traders to remain attentive, education may further ease concerns about similar scams.

Stay informed of the latest NFT updates, security threats, and safety guidelines by reading more of our articles.
