Beware of free NFTs: New Sleepdrop scam identified by Forta Network
Security and operational monitoring network, Forta Network, has issued a stark warning about a new form of the notorious sleepdrop scam. This time scammers are using non-fungible tokens (NFTs) and verified contracts to trick unsuspecting users.
A prepared man is worth two
Forta Network emphasizes the critical importance of not interacting with unknown tokens. It encourages users to analyze any smart contracts they interact with and double-check if they receive information from official social media accounts, thus avoiding phishing links.
Christian Seifert, a researcher at Forta Network, stated to be extra careful as even the company’s social media might be compromised. Moreover, the scammer’s contract is verified, but the actual execution logic is cleverly delegated to another, unverified contract. So even when interacting with a verified contract it’s best to be extra careful.
What is the Modus Operandi?
The California-based organization discovered the new scam when a fresh NFT from Lido, a renowned DeFi (Decentralized Finance) protocol, was transferred into a Forta multisig wallet. Further investigation, corroborated by Lido’s confirmation that the NFT didn’t originate from them, revealed the scam.
The scheme involves multiple steps: the scammer begins by creating an ERC-1155, a collection of NFTs, that falsely mimics a reputable team. They then transfer the majority of these fraudulent assets to a genuine contract, one that has conducted an airdrop in the past.
In a cunning attempt to deceive the targets even more, the fraudsters embed a phishing URL within the details of the NFT. This strategy takes a substantial detour from the common sleepdrop scam, as it dangles NFTs as a decoy prize rather than ERC-20 tokens.
The crypto frontier of fraud
Up to this point, these fraudsters have effectively masqueraded as tokens from Uniswap, Chainlink, Lido, and Circle, leaving behind a path marked by deceptive transactions and breached security.
While cybercrime in the crypto sphere has declined throughout 2023, reports show that it is still a rampant problem. We are witnessing the same number of attacks as last year; the only difference is that the losses aren’t as severe, with a decrease of 54% year-over-year.
However, attacks are becoming more and more sophisticated. They mainly target DeFi protocols, bridges between blockchains, and NFTs. Another problem is the lack of consequences for scammers, as even celebrities like Logan Paul have gotten away with stealing investors’ money without any legal consequences.
While many Bitcoin maximalists and some crypto community members are against regulation of the industry, it may be the only solution to protecting investors and combating the prevalence of scams within the industry.
Be it as it may, the premise of crypto is for people to become their own banks, and with that comes the added freedom and responsibility of being in full control of your own money and becoming aware of threats like this latest sleepdrop attack.
